CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Description
Service information is not encrypted when transmitted as BACnet packets over the wire, and can be sniffed, intercepted, and modified by an attacker. Valuable information such as the File Start Position and File Data can be sniffed from network traffic using Wireshark's BACnet dissector filter. The proprietary format used by WebCTRL to receive updates from the PLC can also be sniffed and reverse engineered.
Analysis
This vulnerability affects Automated Logic's WebCTRL Premium Server, which transmits BACnet protocol data in cleartext without encryption. An attacker positioned on the network can sniff sensitive service information including File Start Position, File Data, and proprietary PLC update formats using tools like Wireshark, enabling both information disclosure and potential integrity attacks through modification of intercepted traffic. …
Remediation
Within 24 hours: Inventory all WebCTRL Premium Server instances and document network connectivity; restrict network access to these systems using firewall rules to trusted administrative networks only. Within 7 days: Implement network segmentation isolating BACnet traffic on a dedicated VLAN with access controls; conduct a forensic review of network logs for suspicious activity. …
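One way to support the inventory and log-review steps above, as an added example that is not part of the original advisory: a Python script that scans flow records for BACnet/IP traffic (default UDP port 47808) and flags any peer outside the permitted networks. The flow-record layout, the `TRUSTED_NETS` range and all sample addresses are constructed assumptions.

```python
import ipaddress

BACNET_IP_PORT = 47808  # 0xBAC0, the default BACnet/IP UDP port

# Assumption: the only segment allowed to exchange BACnet traffic
# (dedicated BACnet VLAN plus administrative hosts).
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/24")]

# Constructed flow records: timestamp proto src sport dst dport bytes
SAMPLE_FLOWS = """\
2026-01-10T08:00:01Z udp 10.20.0.15 47808 10.20.0.40 47808 212
2026-01-10T08:00:07Z udp 10.20.0.40 47808 10.20.0.15 47808 1460
2026-01-10T08:02:13Z udp 192.168.50.23 51544 10.20.0.40 47808 96
2026-01-10T08:02:14Z tcp 10.20.0.15 44321 10.20.0.40 443 5120
2026-01-10T08:05:30Z udp 10.20.0.40 47808 172.16.9.8 47808 1460
malformed line here
"""

def is_trusted(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_NETS)

def review_flows(text):
    """Return (inventory, violations) for BACnet/IP flows in `text`."""
    inventory = set()   # hosts using the BACnet/IP port themselves
    violations = []     # flows with at least one untrusted peer
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 7:
            continue  # skip malformed records
        ts, proto, src, sport, dst, dport, _nbytes = parts
        try:
            sport, dport = int(sport), int(dport)
            ipaddress.ip_address(src)
            ipaddress.ip_address(dst)
        except ValueError:
            continue
        if proto != "udp" or BACNET_IP_PORT not in (sport, dport):
            continue
        if sport == BACNET_IP_PORT:
            inventory.add(src)
        if dport == BACNET_IP_PORT:
            inventory.add(dst)
        outside = [ip for ip in (src, dst) if not is_trusted(ip)]
        if outside:
            violations.append((ts, src, dst, outside))
    return sorted(inventory), violations

if __name__ == "__main__":
    hosts, bad = review_flows(SAMPLE_FLOWS)
    print("BACnet/IP endpoints:", hosts)
    for ts, src, dst, outside in bad:
        print(f"{ts} {src} -> {dst} crosses trust boundary via {outside}")
```

Passive sniffing leaves no flow record, so this checks only that the segmentation control holds, not that no capture took place.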
EUVD-2026-13840