CVE-2026-25086 (GCVE-0-2026-25086)
Vulnerability from cvelistv5
Published
2026-03-20 23:14
Modified
2026-03-23 15:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Under certain conditions, an attacker could bind to the same port used
by WebCTRL. This could allow the attacker to craft and send malicious
packets and impersonate the WebCTRL service without requiring code
injection into the WebCTRL software.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Automated Logic | WebCTRL Premium Server |
Version: 0 < v8.5 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25086",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-23T14:50:06.633008Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-605",
"description": "CWE-605 Multiple Binds to the Same Port",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-23T15:56:09.720Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WebCTRL Premium Server",
"vendor": "Automated Logic",
"versions": [
{
"lessThan": "v8.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jonathan Lee, Thuy D. Nguyen, and Neil C. Rowe of the Naval Postgraduate School reported this vulnerability to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Under certain conditions, an attacker could bind to the same port used \nby WebCTRL. This could allow the attacker to craft and send malicious \npackets and impersonate the WebCTRL service without requiring code \ninjection into the WebCTRL software."
}
],
"value": "Under certain conditions, an attacker could bind to the same port used \nby WebCTRL. This could allow the attacker to craft and send malicious \npackets and impersonate the WebCTRL service without requiring code \ninjection into the WebCTRL software."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-605",
"description": "CWE-605",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-20T23:15:23.243Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.automatedlogic.com/en/company/security-commitment/"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-078-08"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-078-08.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Automated Logic notes that WebCTRL 7 is end of life and has been \nout of support since January 27, 2023. Users are advised to upgrade to \nthe latest version of the WebCTRL server application, which supports the\n more secure BACnet/SC."
}
],
"value": "Automated Logic notes that WebCTRL 7 is end of life and has been \nout of support since January 27, 2023. Users are advised to upgrade to \nthe latest version of the WebCTRL server application, which supports the\n more secure BACnet/SC."
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "For users of supported versions of WebCTRL (WebCTRL 8.5 \ncumulative releases and later), Automated Logic provides secure \nconfiguration guidance for hardware and software deployments; BACnet \nSecure Connect (BACnet/SC) support, which introduces TLS encryption and \nmutual authentication; and published best practices for network \nsegmentation, access control, and secure protocol implementation. \nAdditional information is available at:\u0026nbsp;\u003cbr\u003e\u003ca href=\"https://www.automatedlogic.com/en/company/security-commitment/\" title=\"(opens in a new window)\"\u003ehttps://www.automatedlogic.com/en/company/security-commitment/\u003c/a\u003e"
}
],
"value": "For users of supported versions of WebCTRL (WebCTRL 8.5 \ncumulative releases and later), Automated Logic provides secure \nconfiguration guidance for hardware and software deployments; BACnet \nSecure Connect (BACnet/SC) support, which introduces TLS encryption and \nmutual authentication; and published best practices for network \nsegmentation, access control, and secure protocol implementation. \nAdditional information is available at:\u00a0\n https://www.automatedlogic.com/en/company/security-commitment/"
}
],
"source": {
"advisory": "ICSA-26-078-08",
"discovery": "EXTERNAL"
},
"tags": [
"unsupported-when-assigned"
],
"title": "Automated Logic WebCTRL Premium Server Multiple Binds to the Same Port",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2026-25086",
"datePublished": "2026-03-20T23:14:23.075Z",
"dateReserved": "2026-03-12T19:57:03.300Z",
"dateUpdated": "2026-03-23T15:56:09.720Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-25086\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-03-23T14:50:06.633008Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-605\", \"description\": \"CWE-605 Multiple Binds to the Same Port\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-03-23T14:50:16.600Z\"}}], \"cna\": {\"tags\": [\"unsupported-when-assigned\"], \"title\": \"Automated Logic WebCTRL Premium Server Multiple Binds to the Same Port\", \"source\": {\"advisory\": \"ICSA-26-078-08\", \"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Jonathan Lee, Thuy D. Nguyen, and Neil C. Rowe of the Naval Postgraduate School reported this vulnerability to CISA.\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.7, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Automated Logic\", \"product\": \"WebCTRL Premium Server\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"v8.5\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Automated Logic notes that WebCTRL 7 is end of life and has been \\nout of support since January 27, 2023. Users are advised to upgrade to \\nthe latest version of the WebCTRL server application, which supports the\\n more secure BACnet/SC.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Automated Logic notes that WebCTRL 7 is end of life and has been \\nout of support since January 27, 2023. Users are advised to upgrade to \\nthe latest version of the WebCTRL server application, which supports the\\n more secure BACnet/SC.\", \"base64\": false}]}, {\"lang\": \"en\", \"value\": \"For users of supported versions of WebCTRL (WebCTRL 8.5 \\ncumulative releases and later), Automated Logic provides secure \\nconfiguration guidance for hardware and software deployments; BACnet \\nSecure Connect (BACnet/SC) support, which introduces TLS encryption and \\nmutual authentication; and published best practices for network \\nsegmentation, access control, and secure protocol implementation. \\nAdditional information is available at:\\u00a0\\n https://www.automatedlogic.com/en/company/security-commitment/\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"For users of supported versions of WebCTRL (WebCTRL 8.5 \\ncumulative releases and later), Automated Logic provides secure \\nconfiguration guidance for hardware and software deployments; BACnet \\nSecure Connect (BACnet/SC) support, which introduces TLS encryption and \\nmutual authentication; and published best practices for network \\nsegmentation, access control, and secure protocol implementation. \\nAdditional information is available at:\u0026nbsp;\u003cbr\u003e\u003ca href=\\\"https://www.automatedlogic.com/en/company/security-commitment/\\\" title=\\\"(opens in a new window)\\\"\u003ehttps://www.automatedlogic.com/en/company/security-commitment/\u003c/a\u003e\", \"base64\": false}]}], \"references\": [{\"url\": \"https://www.automatedlogic.com/en/company/security-commitment/\"}, {\"url\": \"https://www.cisa.gov/news-events/ics-advisories/icsa-26-078-08\"}, {\"url\": \"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-078-08.json\"}], \"x_generator\": {\"engine\": \"Vulnogram 1.0.1\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Under certain conditions, an attacker could bind to the same port used \\nby WebCTRL. This could allow the attacker to craft and send malicious \\npackets and impersonate the WebCTRL service without requiring code \\ninjection into the WebCTRL software.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Under certain conditions, an attacker could bind to the same port used \\nby WebCTRL. This could allow the attacker to craft and send malicious \\npackets and impersonate the WebCTRL service without requiring code \\ninjection into the WebCTRL software.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-605\", \"description\": \"CWE-605\"}]}], \"providerMetadata\": {\"orgId\": \"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6\", \"shortName\": \"icscert\", \"dateUpdated\": \"2026-03-20T23:15:23.243Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-25086\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-03-23T15:56:09.720Z\", \"dateReserved\": \"2026-03-12T19:57:03.300Z\", \"assignerOrgId\": \"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6\", \"datePublished\": \"2026-03-20T23:14:23.075Z\", \"assignerShortName\": \"icscert\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…