PT-2026-26712 · Automated Logic · Webctrl Premium Server
Published
2026-03-20
·
Updated
2026-03-21
·
CVE-2026-24060
CVSS v3.1
9.1
Critical
| AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
Service information is not encrypted when transmitted as BACnet packets
over the wire, and can be sniffed, intercepted, and modified by an
attacker. Valuable information such as the File Start Position and File
Data can be sniffed from network traffic using Wireshark's BACnet
dissector filter. The proprietary format used by WebCTRL to receive
updates from the PLC can also be sniffed and reverse engineered.
Fix
Cleartext Transmission of Sensitive Information
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Webctrl Premium Server