Severity by source
AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Lifecycle Timeline
3DescriptionCVE.org
Under certain conditions, an attacker could bind to the same port used by WebCTRL. This could allow the attacker to craft and send malicious packets and impersonate the WebCTRL service without requiring code injection into the WebCTRL software.
AnalysisAI
WebCTRL Premium Server contains a port binding vulnerability that allows an attacker with local access to bind to the same network port used by the WebCTRL service. This enables the attacker to send malicious packets and impersonate the legitimate WebCTRL service without injecting code into the application, potentially compromising confidentiality and integrity of building automation system communications. The vulnerability affects Automated Logic's WebCTRL Premium Server and has been disclosed by ICS-CERT, though no KEV listing or public POC is currently documented.
Technical ContextAI
The affected product is Automated Logic's WebCTRL Premium Server (CPE: cpe:2.3:a:automated_logic:webctrl_premium_server:*:*:*:*:*:*:*:*), a web-based building automation system management platform. The vulnerability is classified under CWE-605 (Multiple Binds to the Same Port), which occurs when the application fails to properly prevent other processes from binding to the same network port. This weakness in socket handling or port access control allows a competing process to intercept or hijack network communications intended for the legitimate service. In industrial control systems like WebCTRL, such binding conflicts can lead to service impersonation attacks where malicious traffic masquerades as legitimate building automation commands or data.
RemediationAI
Consult the official CISA advisory at https://www.cisa.gov/news-events/ics-advisories/icsa-26-078-08 and Automated Logic's security page at https://www.automatedlogic.com/en/company/security-commitment/ for specific patch versions and update procedures. Until patches can be applied, implement compensating controls including: restrict local access to WebCTRL server systems through operating system hardening and access control lists, implement application whitelisting to prevent unauthorized processes from executing, monitor for suspicious port binding activity using endpoint detection tools, and enforce network segmentation to isolate WebCTRL systems from general-purpose workstations. Configure host-based firewalls to limit port access to only the WebCTRL service process. Review and audit all accounts with local login rights to WebCTRL server infrastructure and apply least privilege principles.
More in Webctrl Premium Server
View allThis vulnerability affects Automated Logic's WebCTRL Premium Server, which transmits BACnet protocol data in cleartext w
WebCTRL Premium Server systems contain an authentication bypass vulnerability arising from BACnet protocol's inherent la
Same weakness CWE-605 – Multiple Binds to the Same Port
View allSame technique Code Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-13844