CVE-2026-24060

Name of the Vulnerable Software and Affected Versions Automated Logic WebCTRL Premium (affected versions not specified)

Description Service information is not encrypted when transmitted as BACnet packets over the network, allowing an attacker to sniff, intercept, and modify the data. Valuable information such as the File Start Position and File Data can be captured using tools like Wireshark with the BACnet dissector filter. The proprietary format used for updates from the PLC is also susceptible to sniffing and reverse engineering. This poses a serious threat as every HVAC command, sensor reading, and PLC update is exposed.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.