{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-25086", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2026-03-12T19:57:03.300Z", "datePublished": "2026-03-20T23:14:23.075Z", "dateUpdated": "2026-03-23T15:56:09.720Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2026-03-20T23:15:23.243Z"}, "title": "Automated Logic WebCTRL Premium Server Multiple Binds to the Same Port", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-605", "description": "CWE-605", "type": "CWE"}]}], "affected": [{"vendor": "Automated Logic", "product": "WebCTRL Premium Server", "versions": [{"status": "affected", "version": "0", "lessThan": "v8.5", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Under certain conditions, an attacker could bind to the same port used \nby WebCTRL. This could allow the attacker to craft and send malicious \npackets and impersonate the WebCTRL service without requiring code \ninjection into the WebCTRL software.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Under certain conditions, an attacker could bind to the same port used \nby WebCTRL. This could allow the attacker to craft and send malicious \npackets and impersonate the WebCTRL service without requiring code \ninjection into the WebCTRL software."}]}], "tags": ["unsupported-when-assigned"], "references": [{"url": "https://www.automatedlogic.com/en/company/security-commitment/"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-078-08"}, {"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-078-08.json"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseSeverity": "HIGH", "baseScore": 7.7, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}}], "solutions": [{"lang": "en", "value": "Automated Logic notes that WebCTRL 7 is end of life and has been \nout of support since January 27, 2023. Users are advised to upgrade to \nthe latest version of the WebCTRL server application, which supports the\n more secure BACnet/SC.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Automated Logic notes that WebCTRL 7 is end of life and has been \nout of support since January 27, 2023. Users are advised to upgrade to \nthe latest version of the WebCTRL server application, which supports the\n more secure BACnet/SC."}]}, {"lang": "en", "value": "For users of supported versions of WebCTRL (WebCTRL 8.5 \ncumulative releases and later), Automated Logic provides secure \nconfiguration guidance for hardware and software deployments; BACnet \nSecure Connect (BACnet/SC) support, which introduces TLS encryption and \nmutual authentication; and published best practices for network \nsegmentation, access control, and secure protocol implementation. \nAdditional information is available at:\u00a0\n https://www.automatedlogic.com/en/company/security-commitment/", "supportingMedia": [{"type": "text/html", "base64": false, "value": "For users of supported versions of WebCTRL (WebCTRL 8.5 \ncumulative releases and later), Automated Logic provides secure \nconfiguration guidance for hardware and software deployments; BACnet \nSecure Connect (BACnet/SC) support, which introduces TLS encryption and \nmutual authentication; and published best practices for network \nsegmentation, access control, and secure protocol implementation. \nAdditional information is available at:&nbsp;<br><a href=\"https://www.automatedlogic.com/en/company/security-commitment/\" title=\"(opens in a new window)\">https://www.automatedlogic.com/en/company/security-commitment/</a>"}]}], "credits": [{"lang": "en", "value": "Jonathan Lee, Thuy D. Nguyen, and Neil C. Rowe of the Naval Postgraduate School reported this vulnerability to CISA.", "type": "finder"}], "source": {"advisory": "ICSA-26-078-08", "discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-605", "lang": "en", "description": "CWE-605 Multiple Binds to the Same Port"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-23T14:50:06.633008Z", "id": "CVE-2026-25086", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T15:56:09.720Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-25086", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-23T14:50:06.633008Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-605", "description": "CWE-605 Multiple Binds to the Same Port"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T14:50:16.600Z"}}], "cna": {"tags": ["unsupported-when-assigned"], "title": "Automated Logic WebCTRL Premium Server Multiple Binds to the Same Port", "source": {"advisory": "ICSA-26-078-08", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Jonathan Lee, Thuy D. Nguyen, and Neil C. Rowe of the Naval Postgraduate School reported this vulnerability to CISA."}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.7, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Automated Logic", "product": "WebCTRL Premium Server", "versions": [{"status": "affected", "version": "0", "lessThan": "v8.5", "versionType": "custom"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Automated Logic notes that WebCTRL 7 is end of life and has been \nout of support since January 27, 2023. Users are advised to upgrade to \nthe latest version of the WebCTRL server application, which supports the\n more secure BACnet/SC.", "supportingMedia": [{"type": "text/html", "value": "Automated Logic notes that WebCTRL 7 is end of life and has been \nout of support since January 27, 2023. Users are advised to upgrade to \nthe latest version of the WebCTRL server application, which supports the\n more secure BACnet/SC.", "base64": false}]}, {"lang": "en", "value": "For users of supported versions of WebCTRL (WebCTRL 8.5 \ncumulative releases and later), Automated Logic provides secure \nconfiguration guidance for hardware and software deployments; BACnet \nSecure Connect (BACnet/SC) support, which introduces TLS encryption and \nmutual authentication; and published best practices for network \nsegmentation, access control, and secure protocol implementation. \nAdditional information is available at:\u00a0\n https://www.automatedlogic.com/en/company/security-commitment/", "supportingMedia": [{"type": "text/html", "value": "For users of supported versions of WebCTRL (WebCTRL 8.5 \ncumulative releases and later), Automated Logic provides secure \nconfiguration guidance for hardware and software deployments; BACnet \nSecure Connect (BACnet/SC) support, which introduces TLS encryption and \nmutual authentication; and published best practices for network \nsegmentation, access control, and secure protocol implementation. \nAdditional information is available at:&nbsp;<br><a href=\"https://www.automatedlogic.com/en/company/security-commitment/\" title=\"(opens in a new window)\">https://www.automatedlogic.com/en/company/security-commitment/</a>", "base64": false}]}], "references": [{"url": "https://www.automatedlogic.com/en/company/security-commitment/"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-078-08"}, {"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-078-08.json"}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "Under certain conditions, an attacker could bind to the same port used \nby WebCTRL. This could allow the attacker to craft and send malicious \npackets and impersonate the WebCTRL service without requiring code \ninjection into the WebCTRL software.", "supportingMedia": [{"type": "text/html", "value": "Under certain conditions, an attacker could bind to the same port used \nby WebCTRL. This could allow the attacker to craft and send malicious \npackets and impersonate the WebCTRL service without requiring code \ninjection into the WebCTRL software.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-605", "description": "CWE-605"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2026-03-20T23:15:23.243Z"}}}, "cveMetadata": {"cveId": "CVE-2026-25086", "state": "PUBLISHED", "dateUpdated": "2026-03-23T15:56:09.720Z", "dateReserved": "2026-03-12T19:57:03.300Z", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "datePublished": "2026-03-20T23:14:23.075Z", "assignerShortName": "icscert"}, "dataVersion": "5.2"}

{"cveTags": [{"sourceIdentifier": "ics-cert@hq.dhs.gov", "tags": ["unsupported-when-assigned"]}], "descriptions": [{"lang": "en", "value": "Under certain conditions, an attacker could bind to the same port used \nby WebCTRL. This could allow the attacker to craft and send malicious \npackets and impersonate the WebCTRL service without requiring code \ninjection into the WebCTRL software."}], "id": "CVE-2026-25086", "lastModified": "2026-03-23T16:16:43.883", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 5.2, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}, "published": "2026-03-21T00:16:25.683", "references": [{"source": "ics-cert@hq.dhs.gov", "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-078-08.json"}, {"source": "ics-cert@hq.dhs.gov", "url": "https://www.automatedlogic.com/en/company/security-commitment/"}, {"source": "ics-cert@hq.dhs.gov", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-078-08"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-605"}], "source": "ics-cert@hq.dhs.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-605"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,v8.5)"}}], "enrichment": {"confidence": 87.0, "confidence_source": "matching", "scores": [{"score": 87.0, "source": "matching"}]}, "original": {"product": "WebCTRL Premium Server", "source": "cna", "vendor": "Automated Logic"}, "product": "webctrl_server", "vendor": "automatedlogic"}], "analysis": {"en": {"generated_at": "2026-03-21T07:27:51.235222+00:00", "value": {"mitigation_remediation": ["Upgrade to the latest WebCTRL server (8.5 cumulative releases or later).", "Apply Automated Logic\u2019s secure configuration guidance, including BACnet/SC support with TLS and mutual authentication.", "Implement firewall rules or network segmentation to restrict access to the WebCTRL port.", "Monitor for unexpected traffic or binding attempts on the service port."], "summary": {"action": "Upgrade Immediately", "impact": "Service Impersonation"}, "threat_synthesis": {"affected_systems": "Affected deployments are those running Automated Logic\u2019s WebCTRL Premium Server, especially the end\u2011of\u2011life WebCTRL\u202f7 edition and earlier. Users of WebCTRL\u202f8.5 cumulative releases or newer should verify that they are using the latest version, which includes secure BACnet/SC support and improved configuration guidance. If an older unsupported version is in use, the vulnerability is present.", "description_and_impact": "The vulnerability allows an attacker to bind to the TCP port that WebCTRL Premium Server uses, enabling them to send crafted packets that the system will accept as coming from the legitimate service. Because no code injection is required, the attacker can impersonate the WebCTRL service and potentially redirect or inject traffic to connected BACnet devices.", "risk_and_exploitability": "With a CVSS score of 7.7, the flaw is considered high severity. No EPSS data or KEV listing indicates it may not yet have been exploited, yet the absence of a code\u2011injection requirement means an attacker only needs to reach the vulnerable port, which is feasible from any network segment with access to the device. The risk remains notable in environments where WebCTRL is exposed to untrusted networks."}}}}, "created": "2026-03-23T09:51:48.638512+00:00", "updated": "2026-03-25T14:33:48.251476+00:00", "vendors": ["automatedlogic", "automatedlogic$PRODUCT$webctrl_server"]}