Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Automated Logic WebCTRL Premium Server Cleartext Transmission of Sensitive Information
Vulnerability Description
Service information is not encrypted when transmitted as BACnet packets over the wire, and can be sniffed, intercepted, and modified by an attacker. Valuable information such as the File Start Position and File Data can be sniffed from network traffic using Wireshark's BACnet dissector filter. The proprietary format used by WebCTRL to receive updates from the PLC can also be sniffed and reverse engineered.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Vulnerability Type
敏感数据的明文传输
Vulnerability Title
Automated Logic WebCtrl 安全漏洞
Vulnerability Description
Automated Logic WebCtrl是美国Automated Logic公司的一个基于 Web 的楼宇自动化系统的服务器。 Automated Logic WebCtrl存在安全漏洞,该漏洞源于BACnet数据包传输未加密,可能导致攻击者嗅探、拦截和修改服务信息。
CVSS Information
N/A
Vulnerability Type
N/A