Description
An attacker could use data obtained by sniffing the network traffic to
forge packets in order to make arbitrary requests to Contemporary
Controls BASC 20T.
Published: 2026-04-09
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote Impersonation or Configuration Manipulation
Action: Apply Workaround
AI Analysis

Impact

Contemporary Controls BASC 20T allows an attacker who can observe traffic to forge packets that the device will treat as legitimate requests. Because the system relies on untrusted network input for security decisions, these forged requests can lead to unauthorized commands or configuration changes on the controller, potentially compromising the confidentiality, integrity, and availability of the industrial control system.

Affected Systems

The vulnerability applies to the Contemporary Controls BASC 20T (BASControl20) controller used in industrial automation. The product is marked as obsolete and the advisory does not list specific firmware or hardware revisions; users must identify if their installations include this model and confirm the exact revision in use.

Risk and Exploitability

With a CVSS base score of 9.3 the issue is classified as critical. EPSS information is unavailable and the vulnerability is not listed in the CISA KEV catalog. Exploitation likely requires remote network access to capture legitimate traffic and then resend crafted packets to the controller, making it a remote attack that can have severe operational impacts.

Generated by OpenCVE AI on April 9, 2026 at 21:50 UTC.

Remediation

Vendor Workaround

According to Contemporary Controls, the BASC-20T is an obsolete product. It is recommended that users of the affected product contact Contemporary Controls (https://www.ccontrols.com/support/contacttech.htm) for additional information.


OpenCVE Recommended Actions

  • Contact Contemporary Controls for guidance and support regarding the BASC‑20T vulnerability.
  • Isolate or disconnect the BASC‑20T controller from untrusted or external networks until a response is received.
  • Deploy network monitoring to detect forged or anomalous traffic targeting the controller.
  • Plan to replace the obsolete BASC‑20T with a supported, secure alternative product.

Advisories

No advisories yet.

History

Fri, 10 Apr 2026 15:15:00 +0000

| Type | Values Removed | Values Added |
| Metrics | | ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'} |


Fri, 10 Apr 2026 09:00:00 +0000

| Type | Values Removed | Values Added |
| First Time appeared | | Contemporary Controls; Contemporary Controls bascontrol20 |
| Vendors & Products | | Contemporary Controls; Contemporary Controls bascontrol20 |

Thu, 09 Apr 2026 20:00:00 +0000

| Type | Values Removed | Values Added |
| Description | | An attacker could use data obtained by sniffing the network traffic to forge packets in order to make arbitrary requests to Contemporary Controls BASC 20T. |
| Title | | Contemporary Controls BASC 20T Reliance on Untrusted Inputs in a Security Decision |
| Weaknesses | | CWE-807 |
| References | | |
| Metrics | | cvssV3_1 {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'} |
| | | cvssV4_0 {'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'} |


MITRE

Status: PUBLISHED

Assigner: icscert

Published:

Updated: 2026-04-10T14:11:21.320Z

Reserved: 2025-12-02T21:00:14.794Z

Link: CVE-2025-13926

Vulnrichment

Updated: 2026-04-10T14:11:07.695Z

NVD

Status: Awaiting Analysis

Published: 2026-04-09T20:16:23.807

Modified: 2026-04-13T15:02:27.760

Link: CVE-2025-13926

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-10T09:29:24Z

Weaknesses