Automated Logic WebCTRL Premium Server Charging Station Authentication Identifier Exposure Vulnerability

Vulnerability

A vulnerability exists in Automated Logic WebCTRL Premium Server that allows charging station authentication identifiers to be accessed publicly through web-based mapping platforms. This issue arises from cleartext transmission of sensitive information, which can be intercepted and modified by an attacker. The vulnerability affects WebCTRL Premium Server 8.5 cumulative releases and later.

Impact

Exploitation of this vulnerability could enable an attacker to read, intercept, or modify communications related to charging station authentication.

Remediation

For customers using supported versions of WebCTRL (WebCTRL 8.5 cumulative releases and later), Automated Logic provides secure configuration guidance for hardware and software deployments; BACnet Secure Connect (BACnet/SC) support, which introduces TLS encryption and mutual authentication; and published best practices for network segmentation, access control, and secure protocol implementation. Additional information is available on the Automated Logic website.

Added: Mar 20, 2026, 11:32 PM
Updated: Mar 20, 2026, 11:32 PM

Vulnerability Rating

Custom Algorithm

spread: 0.8
impact: 2.5
exploitability: 7.0
remediation: 7.9
relevance: 4.4
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.