EUVD-2025-209395

CVE-2025-13926 | CRITICAL 9.3 (CVSS 4.0)
2026-04-09 icscert

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: X

Lifecycle Timeline

EUVD ID Assigned: Apr 09, 2026 - 20:15 (euvd), EUVD-2025-209395
Analysis Generated: Apr 09, 2026 - 20:15 (vuln.today)
CVE Published: Apr 09, 2026 - 19:47 (nvd), CRITICAL 9.3

Description

An attacker could use data obtained by sniffing the network traffic to forge packets in order to make arbitrary requests to Contemporary Controls BASC 20T.

Analysis

Session token exposure in the Contemporary Controls BASControl20 3.1 building automation controller enables unauthenticated remote attackers to forge authenticated requests via network traffic interception. Exploitation requires the ability to sniff network traffic containing authentication credentials, which can then be replayed to execute arbitrary commands with full system privileges. Classified as CWE-807 (reliance on untrusted inputs in a security decision), this vulnerability permits complete compromise of controller confidentiality, integrity, and availability without user interaction. No public exploit identified at time of analysis.

Technical Context

The root cause is inadequate session management that allows credential replay attacks (CWE-807). Authentication tokens transmitted over the network lack cryptographic binding or replay protection, permitting passive network interception followed by credential reuse. The CVSS:4.0 vector confirms an unauthenticated network attack (AV:N, PR:N) with no complexity barriers (AC:L, AT:N), yielding high impact across all three CIA dimensions for the vulnerable component (VC:H, VI:H, VA:H).

Affected Products

Contemporary Controls BASControl20 version 3.1, building automation controller (CPE: cpe:2.3:a:contemporary_controls:bascontrol20:*:*:*:*:*:*:*:*). Industrial control system component for HVAC/building management applications.

Remediation

No vendor-released patch identified at time of analysis. Contact Contemporary Controls technical support directly via https://www.ccontrols.com/support/contacttech.htm for remediation guidance specific to BASControl20 3.1 deployments. Until a patch is available, implement network segmentation to isolate BASControl20 devices from untrusted networks, deploy encrypted communication channels (VPN/TLS) to prevent credential interception, and restrict network access to the controller using firewall rules that permit only authorised administrative hosts. Monitor CISA advisory ICSA-26-099-01 for updates: https://www.cisa.gov/news-events/ics-advisories/icsa-26-099-01. Consider disabling remote access features, if operationally feasible, until the vendor provides cryptographically secure session management.

Priority Score

57 (scale: Low / Medium / High / Critical)
KEV: 0
EPSS: +0.1
CVSS: +46
POC: 0
