Primary

Context

ALC WebCTRL and Carrier i-Vu Access Control Bypass Vulnerability

Vulnerability

A vulnerability allowing access control bypass has been identified in ALC WebCTRL and Carrier i-Vu, in versions up to and including 8.5. This vulnerability enables a malicious actor to circumvent intended access restrictions and access sensitive information through the web-based building automation server.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive information via the web-based building automation server.

Added: Nov 27, 2025, 1:18 AM

Updated: Nov 27, 2025, 1:18 AM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

3.1

exploitability

7.0

remediation

0.0

relevance

1.1

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

3.1

exploitability

7.0

remediation

0.0

relevance

1.1

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

ALC WebCTRL and Carrier i-Vu Access Control Bypass Vulnerability

Vulnerability

Impact

Affected Products

Automated Logic WebCTRL

Carrier i-Vu

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating