Automated Logic WebCTRL Premium Server

Risk Summary

Successful exploitation of these vulnerabilities could allow an unauthenticated remote attacker to execute arbitrary commands on the server hosting WebCTRL or redirect legitimate users to malicious sites.

CVEs (2)

Remediations

• Automated Logic has recommended the following:
• For CVE-2024-8525, a software update is available on the authorized dealer support site. Although a software update is available for this issue, the last support date for v7.0 was 1/27/2023 and it is recommended that customers upgrade their software to the latest supported version.
• Additionally, Customers are encouraged to follow Automated Logic's [Security Best Practices Cheklists for Building Automation Systems (BAS)](https://www.automatedlogic.com/en/media/Security Best Practices for a WebCTRL v8.0 system-522_tcm702-168128.pdf) to ensure alignment with best practices installation guidelines.
• For CVE-2024-8526, the vulnerability was fixed at version 8.0 for all impacted products.

Affected Vendors

Affected Products (4)

Affected Sectors

Critical Manufacturing