Description
Service information is not encrypted when transmitted as BACnet packets
over the wire, and can be sniffed, intercepted, and modified by an
attacker. Valuable information such as the File Start Position and File
Data can be sniffed from network traffic using Wireshark's BACnet
dissector filter. The proprietary format used by WebCTRL to receive
updates from the PLC can also be sniffed and reverse engineered.
Published: 2026-03-20
Score: 9.1 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Cleartext transmission of sensitive information
Action: Immediate Upgrade
AI Analysis

Impact

The vulnerability allows attackers to intercept BACnet service traffic transmitted by WebCTRL Premium Server without encryption. Sensitive data, including file offsets and file contents, can be captured and modified using standard network tools. This permits disclosure of proprietary update formats and other confidential information, potentially compromising the integrity of downstream PLC updates. The weakness corresponds to CWE-319, cleartext transmission of sensitive information.

Affected Systems

All installations of Automated Logic WebCTRL Premium Server are affected, particularly those running WebCTRL 7 and earlier, as WebCTRL 7 has reached end of life. Subsequent versions such as WebCTRL 8.5 cumulative releases and later have been updated to support encrypted BACnet/SC, but if these updated versions are not deployed, the vulnerability remains.

Risk and Exploitability

The vulnerability scores 9.1 on the CVSS v3.1 scale, indicating a high risk to confidentiality. The EPSS value is not provided, and the vulnerability is not listed in the CISA KEV catalog, but SANS guidelines caution that cleartext protocol traffic is a serious threat. Attackers likely need network visibility to the BACnet segment and can achieve exploitation by passively sniffing packets or actively modifying traffic; no authentication or privilege escalation is required. Because BACnet is a field bus protocol used in industrial control systems, the potential impact spans from data leakage to compromised security updates.

Generated by OpenCVE AI on March 21, 2026 at 06:42 UTC.

Remediation

Vendor Solution

Automated Logic notes that WebCTRL 7 is end of life and has been out of support since January 27, 2023. Users are advised to upgrade to the latest version of the WebCTRL server application, which supports the more secure BACnet/SC.

OpenCVE Recommended Actions

  • Upgrade to the latest WebCTRL version (8.5 or later) that supports BACnet/SC with TLS encryption.
  • Configure the WebCTRL server to use BACnet/SC with mutual TLS authentication for all PLC communications.
  • Disable or restrict unencrypted BACnet traffic on the network segment where WebCTRL is deployed.
  • Implement network segmentation to isolate the WebCTRL server from unauthorized devices.
  • Monitor network traffic for anomalous BACnet packets and verify that encryption is enforced.

Advisories

No advisories yet.

History

Mon, 23 Mar 2026 16:15:00 +0000

  Type: Metrics
  Values removed: (none)
  Values added: ssvc
    {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 23 Mar 2026 10:00:00 +0000

  Type: First Time appeared
  Values removed: (none)
  Values added: Automatedlogic; Automatedlogic webctrl Server

  Type: Vendors & Products
  Values removed: (none)
  Values added: Automatedlogic; Automatedlogic webctrl Server

Sat, 21 Mar 2026 05:30:00 +0000

  Type: Description
  Values removed: (none)
  Values added: Service information is not encrypted when transmitted as BACnet packets over the wire, and can be sniffed, intercepted, and modified by an attacker. Valuable information such as the File Start Position and File Data can be sniffed from network traffic using Wireshark's BACnet dissector filter. The proprietary format used by WebCTRL to receive updates from the PLC can also be sniffed and reverse engineered.

  Type: Title
  Values removed: (none)
  Values added: Automated Logic WebCTRL Premium Server Cleartext Transmission of Sensitive Information

  Type: Weaknesses
  Values removed: (none)
  Values added: CWE-319

  Type: References
  Values removed: (none)
  Values added: (none)

  Type: Metrics
  Values removed: (none)
  Values added: cvssV3_1
    {'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N'}


MITRE

Status: PUBLISHED

Assigner: icscert

Published:

Updated: 2026-03-23T15:55:53.047Z

Reserved: 2026-03-12T19:57:03.348Z

Link: CVE-2026-24060

Vulnrichment

Updated: 2026-03-23T14:49:11.001Z

NVD

Status: Awaiting Analysis

Published: 2026-03-21T00:16:25.483

Modified: 2026-03-23T16:16:43.553

Link: CVE-2026-24060

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-25T14:33:45Z

Weaknesses