Skip to main content

Bascontrol20

1 CVEs product

Monthly

CVE-2025-13926 CRITICAL CISA Monitor

Session token exposure in Contemporary Controls BASControl20 3.1 building automation controller enables unauthenticated remote attackers to forge authenticated requests via network traffic interception. Exploitation requires attacker ability to sniff network traffic containing authentication credentials, which can then be replayed to execute arbitrary commands with full system privileges. Classified as CWE-807 (untrusted input reliance), this vulnerability permits complete compromise of controller confidentiality, integrity, and availability without user interaction. No public exploit identified at time of analysis.

Information Disclosure Bascontrol20
NVD GitHub
CVSS 4.0
9.3
EPSS
0.1%
EPSS 0% CVSS 9.3
CRITICAL Monitor

Session token exposure in Contemporary Controls BASControl20 3.1 building automation controller enables unauthenticated remote attackers to forge authenticated requests via network traffic interception. Exploitation requires attacker ability to sniff network traffic containing authentication credentials, which can then be replayed to execute arbitrary commands with full system privileges. Classified as CWE-807 (untrusted input reliance), this vulnerability permits complete compromise of controller confidentiality, integrity, and availability without user interaction. No public exploit identified at time of analysis.

Information Disclosure Bascontrol20
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy