Automated Logic WebCTRL Cleartext Transmission Vulnerability Allowing Interception and Modification of BACnet Communications

A vulnerability exists in Automated Logic WebCTRL Premium Server due to the unencrypted transmission of service information as BACnet packets. This flaw allows attackers to sniff, intercept, and modify communications over the network. Critical data, such as the File Start Position and File Data, can be extracted using network analysis tools like Wireshark. Additionally, the proprietary format that WebCTRL uses to receive updates from Programmable Logic Controllers (PLCs) can be intercepted and reverse-engineered.

Impact

Exploitation of this vulnerability could lead to unauthorized reading, interception, or modification of BACnet communications, allowing attackers to tamper with or manipulate transmitted data.

Remediation

Users of Automated Logic WebCTRL Premium Server should upgrade to the latest version of the WebCTRL server application, which supports the more secure BACnet Secure Connect (BACnet/SC) protocol. For customers using supported versions of WebCTRL (WebCTRL 8.5 cumulative releases and later), Automated Logic provides secure configuration guidance, BACnet/SC support, and best practices for network segmentation, access control, and secure protocol implementation. Additional information is available on the Automated Logic website.