Skip to main content

Webctrl Premium Server CVE-2026-25086

| EUVDEUVD-2026-13844 HIGH
Multiple Binds to the Same Port (CWE-605)
2026-03-20 icscert
7.7
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.7 HIGH
AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

3
EUVD ID Assigned
Mar 20, 2026 - 23:31 euvd
EUVD-2026-13844
Analysis Generated
Mar 20, 2026 - 23:31 vuln.today
CVE Published
Mar 20, 2026 - 23:14 nvd
HIGH 7.7

DescriptionCVE.org

Under certain conditions, an attacker could bind to the same port used by WebCTRL. This could allow the attacker to craft and send malicious packets and impersonate the WebCTRL service without requiring code injection into the WebCTRL software.

AnalysisAI

WebCTRL Premium Server contains a port binding vulnerability that allows an attacker with local access to bind to the same network port used by the WebCTRL service. This enables the attacker to send malicious packets and impersonate the legitimate WebCTRL service without injecting code into the application, potentially compromising confidentiality and integrity of building automation system communications. The vulnerability affects Automated Logic's WebCTRL Premium Server and has been disclosed by ICS-CERT, though no KEV listing or public POC is currently documented.

Technical ContextAI

The affected product is Automated Logic's WebCTRL Premium Server (CPE: cpe:2.3:a:automated_logic:webctrl_premium_server:*:*:*:*:*:*:*:*), a web-based building automation system management platform. The vulnerability is classified under CWE-605 (Multiple Binds to the Same Port), which occurs when the application fails to properly prevent other processes from binding to the same network port. This weakness in socket handling or port access control allows a competing process to intercept or hijack network communications intended for the legitimate service. In industrial control systems like WebCTRL, such binding conflicts can lead to service impersonation attacks where malicious traffic masquerades as legitimate building automation commands or data.

RemediationAI

Consult the official CISA advisory at https://www.cisa.gov/news-events/ics-advisories/icsa-26-078-08 and Automated Logic's security page at https://www.automatedlogic.com/en/company/security-commitment/ for specific patch versions and update procedures. Until patches can be applied, implement compensating controls including: restrict local access to WebCTRL server systems through operating system hardening and access control lists, implement application whitelisting to prevent unauthorized processes from executing, monitor for suspicious port binding activity using endpoint detection tools, and enforce network segmentation to isolate WebCTRL systems from general-purpose workstations. Configure host-based firewalls to limit port access to only the WebCTRL service process. Review and audit all accounts with local login rights to WebCTRL server infrastructure and apply least privilege principles.

Share

CVE-2026-25086 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy