CVE-2026-32666

Name of the Vulnerable Software and Affected Versions WebCTRL (affected versions not specified)

Description WebCTRL systems utilizing BACnet communication are susceptible to an issue stemming from the protocol's inherent lack of network layer authentication. The software does not perform additional validation of BACnet traffic. This allows an attacker with network access to forge BACnet packets targeting the WebCTRL server or associated AutomatedLogic controllers. Successfully spoofed packets may be interpreted as legitimate, potentially leading to unauthorized actions.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.