CVE-2024-5539

Summary

The Access Control Bypass vulnerability found in ALC WebCTRL and Carrier i-Vu in versions up to and including 8.5 allows a malicious actor to bypass intended access restrictions and expose sensitive information via the

web based building automation server.

Affected Software

VendorProductVersion RangeStatus
Automated LogicWebCTRL0 <= 8.5affected
Carrieri-Vu0 <= 8.5affected

Weaknesses

  • CWE-863: CWE-863 Incorrect Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References