Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Automated Logic WebCTRL Premium Server Authentication Bypass by Spoofing
Vulnerability Description
WebCTRL systems that communicate over BACnet inherit the protocol's lack of network layer authentication. WebCTRL does not implement additional validation of BACnet traffic so an attacker with network access could spoof BACnet packets directed at either the WebCTRL server or associated AutomatedLogic controllers. Spoofed packets may be processed as legitimate.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Vulnerability Type
使用欺骗进行的认证绕过
Vulnerability Title
Automated Logic WebCtrl 安全漏洞
Vulnerability Description
Automated Logic WebCtrl是美国Automated Logic公司的一个基于 Web 的楼宇自动化系统的服务器。 Automated Logic WebCtrl存在安全漏洞,该漏洞源于缺乏网络层身份验证,可能导致伪造的BACnet数据包被处理。
CVSS Information
N/A
Vulnerability Type
N/A