ICSA-25-324-01  ·  Published 2025-11-20

Automated Logic WebCTRL Premium Server

CVSS 9.3 CRITICAL

Risk Summary

Successful exploitation of these vulnerabilities could allow a remote attacker to deceive a legitimate user into running malicious scripts or to redirect that user to malicious websites.

Remediations

Automated Logic has reported the following:

  • Users are advised to upgrade to the latest available version. These vulnerabilities have been remediated in WebCTRL 9.0.
  • WebCTRL 7.0, WebCTRL 6.1, and i-Vu 6.0 are out of support.
  • Additionally, users are encouraged to follow Automated Logic's [Security Best Practices Checklists for Building Automation Systems (BAS)](https://www.automatedlogic.com/en/media/Security Best Practices for a WebCTRL v8.0 system-522_tcm702-168128.pdf) to ensure alignment with best-practice installation guidelines.
  • For more information, visit Carrier's security advisories: https://www.corporate.carrier.com/product-security/advisories-resources/

Affected Vendors

Automated Logic

Affected Products (16)

Automated Logic · Automated Logic WebCTRL Server 6.1
Automated Logic · Automated Logic WebCTRL Server 7.0
Automated Logic · Automated Logic WebCTRL Server 8.0
Automated Logic · Automated Logic WebCTRL Server 8.5
Automated Logic · Carrier i-Vu 6.1
Automated Logic · Carrier i-Vu 7.0
Automated Logic · Carrier i-Vu 8.0
Automated Logic · Carrier i-Vu 8.5
Automated Logic · Automated Logic SiteScan Web 6.1
Automated Logic · Automated Logic SiteScan Web 7.0
Automated Logic · Automated Logic SiteScan Web 8.0
Automated Logic · Automated Logic SiteScan Web 8.5
Automated Logic · Automated Logic WebCTRL for OEMs 6.1
Automated Logic · Automated Logic WebCTRL for OEMs 7.0
Automated Logic · Automated Logic WebCTRL for OEMs 8.0
Automated Logic · Automated Logic WebCTRL for OEMs 8.5

Affected Sectors

Critical Manufacturing
