CVE-2025-0657

Summary

A weakness in Automated Logic and Carrier i-Vu Gen5 router on driver version drv_gen5_106-01-2380, allows malformed packets to be sent through BACnet MS/TP network causing the devices to enter a fault state. This fault state requires a manual power cycle to return the device to network visibility.

Affected Software

VendorProductVersion RangeStatus
Automated LogicWebCtrl0 <= 8.5affected
Automated LogicGen5 Controllers0 <= drv_gen5_108-04-20120affected
Carrieri-Vu0 <= 8.5affected

Weaknesses

  • CWE-129: CWE-129 Improper Validation of Array Index
  • CWE-248: CWE-248 Uncaught Exception

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References