Bascontrol20
Monthly
Session token exposure in Contemporary Controls BASControl20 3.1 building automation controller enables unauthenticated remote attackers to forge authenticated requests via network traffic interception. Exploitation requires attacker ability to sniff network traffic containing authentication credentials, which can then be replayed to execute arbitrary commands with full system privileges. Classified as CWE-807 (untrusted input reliance), this vulnerability permits complete compromise of controller confidentiality, integrity, and availability without user interaction. No public exploit identified at time of analysis.
Session token exposure in Contemporary Controls BASControl20 3.1 building automation controller enables unauthenticated remote attackers to forge authenticated requests via network traffic interception. Exploitation requires attacker ability to sniff network traffic containing authentication credentials, which can then be replayed to execute arbitrary commands with full system privileges. Classified as CWE-807 (untrusted input reliance), this vulnerability permits complete compromise of controller confidentiality, integrity, and availability without user interaction. No public exploit identified at time of analysis.