Thuy D. Nguyen

**Name of the Vulnerable Software and Affected Versions** WebCTRL (affected versions not specified) **Description** An attacker may be able to bind to the same port used by WebCTRL. This could allow the attacker to create and send malicious packets, impersonating the WebCTRL service without needing to inject code into the software. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WebCTRL (affected versions not specified) **Description** WebCTRL systems utilizing BACnet communication are susceptible to an issue stemming from the protocol's inherent lack of network layer authentication. The software does not perform additional validation of BACnet traffic. This allows an attacker with network access to forge BACnet packets targeting the WebCTRL server or associated AutomatedLogic controllers. Successfully spoofed packets may be interpreted as legitimate, potentially leading to unauthorized actions. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Automated Logic WebCTRL Premium (affected versions not specified) **Description** Service information is not encrypted when transmitted as BACnet packets over the network, allowing an attacker to sniff, intercept, and modify the data. Valuable information such as the File Start Position and File Data can be captured using tools like Wireshark with the BACnet dissector filter. The proprietary format used for updates from the PLC is also susceptible to sniffing and reverse engineering. This poses a serious threat as every HVAC command, sensor reading, and PLC update is exposed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.