{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-24060", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2026-03-12T19:57:03.348Z", "datePublished": "2026-03-20T23:19:05.223Z", "dateUpdated": "2026-03-23T15:55:53.047Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2026-03-20T23:19:05.223Z"}, "title": "Automated Logic WebCTRL Premium Server Cleartext Transmission of Sensitive Information", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-319", "description": "CWE-319", "type": "CWE"}]}], "affected": [{"vendor": "Automated Logic", "product": "WebCTRL Premium Server", "versions": [{"status": "affected", "version": "0", "lessThan": "v8.5", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Service information is not encrypted when transmitted as BACnet packets \nover the wire, and can be sniffed, intercepted, and modified by an \nattacker. Valuable information such as the File Start Position and File \nData can be sniffed from network traffic using Wireshark's BACnet \ndissector filter. The proprietary format used by WebCTRL to receive \nupdates from the PLC can also be sniffed and reverse engineered.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Service information is not encrypted when transmitted as BACnet packets \nover the wire, and can be sniffed, intercepted, and modified by an \nattacker. Valuable information such as the File Start Position and File \nData can be sniffed from network traffic using Wireshark's BACnet \ndissector filter. The proprietary format used by WebCTRL to receive \nupdates from the PLC can also be sniffed and reverse engineered."}]}], "tags": ["unsupported-when-assigned"], "references": [{"url": "https://www.automatedlogic.com/en/company/security-commitment/"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-078-08"}, {"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-078-08.json"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseSeverity": "CRITICAL", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}}], "solutions": [{"lang": "en", "value": "Automated Logic notes that WebCTRL 7 is end of life and has been \nout of support since January 27, 2023. Users are advised to upgrade to \nthe latest version of the WebCTRL server application, which supports the\n more secure BACnet/SC.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Automated Logic notes that WebCTRL 7 is end of life and has been \nout of support since January 27, 2023. Users are advised to upgrade to \nthe latest version of the WebCTRL server application, which supports the\n more secure BACnet/SC."}]}, {"lang": "en", "value": "For users of supported versions of WebCTRL (WebCTRL 8.5 \ncumulative releases and later), Automated Logic provides secure \nconfiguration guidance for hardware and software deployments; BACnet \nSecure Connect (BACnet/SC) support, which introduces TLS encryption and \nmutual authentication; and published best practices for network \nsegmentation, access control, and secure protocol implementation. \nAdditional information is available at:\u00a0\n https://www.automatedlogic.com/en/company/security-commitment/", "supportingMedia": [{"type": "text/html", "base64": false, "value": "For users of supported versions of WebCTRL (WebCTRL 8.5 \ncumulative releases and later), Automated Logic provides secure \nconfiguration guidance for hardware and software deployments; BACnet \nSecure Connect (BACnet/SC) support, which introduces TLS encryption and \nmutual authentication; and published best practices for network \nsegmentation, access control, and secure protocol implementation. \nAdditional information is available at:&nbsp;<br><a href=\"https://www.automatedlogic.com/en/company/security-commitment/\" title=\"(opens in a new window)\">https://www.automatedlogic.com/en/company/security-commitment/</a>"}]}], "credits": [{"lang": "en", "value": "Jonathan Lee, Thuy D. Nguyen, and Neil C. Rowe of the Naval Postgraduate School reported this vulnerability to CISA.", "type": "finder"}], "source": {"advisory": "ICSA-26-078-08", "discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-319", "lang": "en", "description": "CWE-319 Cleartext Transmission of Sensitive Information"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-23T14:49:21.420075Z", "id": "CVE-2026-24060", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T15:55:53.047Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-24060", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2026-03-12T19:57:03.348Z", "datePublished": "2026-03-20T23:19:05.223Z", "dateUpdated": "2026-03-23T15:55:53.047Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2026-03-20T23:19:05.223Z"}, "title": "Automated Logic WebCTRL Premium Server Cleartext Transmission of Sensitive Information", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-319", "description": "CWE-319", "type": "CWE"}]}], "affected": [{"vendor": "Automated Logic", "product": "WebCTRL Premium Server", "versions": [{"status": "affected", "version": "0", "lessThan": "v8.5", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Service information is not encrypted when transmitted as BACnet packets \nover the wire, and can be sniffed, intercepted, and modified by an \nattacker. Valuable information such as the File Start Position and File \nData can be sniffed from network traffic using Wireshark's BACnet \ndissector filter. The proprietary format used by WebCTRL to receive \nupdates from the PLC can also be sniffed and reverse engineered.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Service information is not encrypted when transmitted as BACnet packets \nover the wire, and can be sniffed, intercepted, and modified by an \nattacker. Valuable information such as the File Start Position and File \nData can be sniffed from network traffic using Wireshark's BACnet \ndissector filter. The proprietary format used by WebCTRL to receive \nupdates from the PLC can also be sniffed and reverse engineered."}]}], "tags": ["unsupported-when-assigned"], "references": [{"url": "https://www.automatedlogic.com/en/company/security-commitment/"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-078-08"}, {"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-078-08.json"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseSeverity": "CRITICAL", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}}], "solutions": [{"lang": "en", "value": "Automated Logic notes that WebCTRL 7 is end of life and has been \nout of support since January 27, 2023. Users are advised to upgrade to \nthe latest version of the WebCTRL server application, which supports the\n more secure BACnet/SC.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Automated Logic notes that WebCTRL 7 is end of life and has been \nout of support since January 27, 2023. Users are advised to upgrade to \nthe latest version of the WebCTRL server application, which supports the\n more secure BACnet/SC."}]}, {"lang": "en", "value": "For users of supported versions of WebCTRL (WebCTRL 8.5 \ncumulative releases and later), Automated Logic provides secure \nconfiguration guidance for hardware and software deployments; BACnet \nSecure Connect (BACnet/SC) support, which introduces TLS encryption and \nmutual authentication; and published best practices for network \nsegmentation, access control, and secure protocol implementation. \nAdditional information is available at:\u00a0\n https://www.automatedlogic.com/en/company/security-commitment/", "supportingMedia": [{"type": "text/html", "base64": false, "value": "For users of supported versions of WebCTRL (WebCTRL 8.5 \ncumulative releases and later), Automated Logic provides secure \nconfiguration guidance for hardware and software deployments; BACnet \nSecure Connect (BACnet/SC) support, which introduces TLS encryption and \nmutual authentication; and published best practices for network \nsegmentation, access control, and secure protocol implementation. \nAdditional information is available at:&nbsp;<br><a href=\"https://www.automatedlogic.com/en/company/security-commitment/\" title=\"(opens in a new window)\">https://www.automatedlogic.com/en/company/security-commitment/</a>"}]}], "credits": [{"lang": "en", "value": "Jonathan Lee, Thuy D. Nguyen, and Neil C. Rowe of the Naval Postgraduate School reported this vulnerability to CISA.", "type": "finder"}], "source": {"advisory": "ICSA-26-078-08", "discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-24060", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-23T14:49:21.420075Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-319", "description": "CWE-319 Cleartext Transmission of Sensitive Information"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T14:49:11.001Z"}}]}}

{"cveTags": [{"sourceIdentifier": "ics-cert@hq.dhs.gov", "tags": ["unsupported-when-assigned"]}], "descriptions": [{"lang": "en", "value": "Service information is not encrypted when transmitted as BACnet packets \nover the wire, and can be sniffed, intercepted, and modified by an \nattacker. Valuable information such as the File Start Position and File \nData can be sniffed from network traffic using Wireshark's BACnet \ndissector filter. The proprietary format used by WebCTRL to receive \nupdates from the PLC can also be sniffed and reverse engineered."}], "id": "CVE-2026-24060", "lastModified": "2026-03-23T16:16:43.553", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}, "published": "2026-03-21T00:16:25.483", "references": [{"source": "ics-cert@hq.dhs.gov", "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-078-08.json"}, {"source": "ics-cert@hq.dhs.gov", "url": "https://www.automatedlogic.com/en/company/security-commitment/"}, {"source": "ics-cert@hq.dhs.gov", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-078-08"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-319"}], "source": "ics-cert@hq.dhs.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-319"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,v8.5)"}}], "enrichment": {"confidence": 87.0, "confidence_source": "matching", "scores": [{"score": 87.0, "source": "matching"}]}, "original": {"product": "WebCTRL Premium Server", "source": "cna", "vendor": "Automated Logic"}, "product": "webctrl_server", "vendor": "automatedlogic"}], "analysis": {"en": {"generated_at": "2026-03-21T06:42:39.875225+00:00", "value": {"mitigation_remediation": ["Upgrade to the latest WebCTRL version (8.5 or later) that supports BACnet/SC with TLS encryption.", "Configure the WebCTRL server to use BACnet/SC with mutual TLS authentication for all PLC communications.", "Disable or restrict unencrypted BACnet traffic on the network segment where WebCTRL is deployed.", "Implement network segmentation to isolate the WebCTRL server from unauthorized devices.", "Monitor network traffic for anomalous BACnet packets and verify that encryption is enforced."], "summary": {"action": "Immediate Upgrade", "impact": "Cleartext transmission of sensitive information"}, "threat_synthesis": {"affected_systems": "All installations of Automated Logic WebCTRL Premium Server are affected, particularly those running WebCTRL 7 and earlier, as WebCTRL 7 has reached end of life. Subsequent versions such as WebCTRL 8.5 cumulative releases and later have been updated to support encrypted BACnet/SC, but if these updated versions are not deployed, the vulnerability remains.", "description_and_impact": "The vulnerability allows attackers to intercept BACnet service traffic transmitted by WebCTRL Premium Server without encryption. Sensitive data, including file offsets and file contents, can be captured and modified using standard network tools. This permits disclosure of proprietary update formats and other confidential information, potentially compromising the integrity of downstream PLC updates. The weakness corresponds to CWE\u2011319, cleartext transmission of sensitive information.", "risk_and_exploitability": "The vulnerability scores 9.1 on the CVSS v3.1 scale, indicating a high risk to confidentiality. The EPSS value is not provided, and the vulnerability is not listed in the CISA KEV catalog, but SANS guidelines caution that cleartext protocol traffic is a serious threat. Attackers likely need network visibility to the BACnet segment and can achieve exploitation by passively sniffing packets or actively modifying traffic; no authentication or privilege escalation is required. Because BACnet is a field bus protocol used in industrial control systems, the potential impact spans from data leakage to compromised security updates."}}}}, "created": "2026-03-23T09:51:45.972383+00:00", "updated": "2026-03-25T14:33:45.646126+00:00", "vendors": ["automatedlogic", "automatedlogic$PRODUCT$webctrl_server"]}