ICSA-26-078-08  ·  Published 2026-03-19

Automated Logic WebCTRL Premium Server

CVSS 9.1 CRITICAL

Risk Summary

Successful exploitation of these vulnerabilities could allow an attacker to read, intercept, or modify communications.

Remediations

  • Automated Logic notes that WebCTRL 7 is End of Life (EOL) and has been out of support since January 27, 2023. Users are advised to upgrade to the latest version of the WebCTRL server application, which supports the more secure BACnet/SC.
  • For customers using supported versions of WebCTRL (WebCTRL 8.5 cumulative releases and later), Automated Logic provides secure configuration guidance for hardware and software deployments; BACnet Secure Connect (BACnet/SC) support, which introduces TLS encryption and mutual authentication; and published best practices for network segmentation, access control, and secure protocol implementation. Additional information is available at: https://www.automatedlogic.com/en/company/security-commitment/.

Affected Vendors

Automated Logic

Affected Products (1)

Automated Logic · WebCTRL Premium Server <v8.5

Affected Sectors

Commercial Facilities
