CVE-2026-25086
7.7
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
Under certain conditions, an attacker could bind to the same port used by WebCTRL. This could allow the attacker to craft and send malicious packets and impersonate the WebCTRL service without requiring code injection into the WebCTRL software.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Automated Logic | WebCTRL Premium Server | 0 < v8.5 | affected |
Weaknesses
- CWE-605: CWE-605
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://www.automatedlogic.com/en/company/security-commitment/
- https://www.cisa.gov/news-events/ics-advisories/icsa-26-078-08
- https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-078-08.json
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.