CVE-2025-0658

Summary

A vulnerability in Automated Logic and Carrier's Zone Controller via BACnet protocol causes the device to crash. The device enters a fault state; after a reset, a second packet can leave it permanently unresponsive until a manual power cycle is performed.

Affected Software

VendorProductVersion RangeStatus
Automated LogicZone Controllers0 < 6.06-101affected
CarrierZone Controllers0 < 6.06-101affected

Weaknesses

  • CWE-20: CWE-20 Improper Input Validation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References