Automated Logic WebCTRL Premium Server
cpe:2.3:a:automatedlogic:webctrl:*:*:*:*:*:*:*
- < 8.5
A vulnerability in the WebSocket backend of Automated Logic WebCTRL Premium Server allows for session hijacking or shadowing. The issue arises because the backend uses charging station identifiers to associate sessions, but permits multiple endpoints to connect using the same identifier. This implementation leads to predictable session identifiers, where the most recent connection can displace the legitimate charging station and intercept backend commands intended for it. The vulnerability affects WebCTRL Premium Server versions 8.5 cumulative releases and later.
Exploitation of this vulnerability could result in unauthorized authentication as other users, interception and modification of communications, or a denial-of-service condition by overwhelming the backend with valid session requests.
For customers using supported versions of WebCTRL (WebCTRL 8.5 cumulative releases and later), Automated Logic provides secure configuration guidance for hardware and software deployments, BACnet Secure Connect (BACnet/SC) support, which introduces TLS encryption and mutual authentication, and published best practices for network segmentation, access control, and secure protocol implementation. Additional information is available on the Automated Logic website.
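As an added illustration, not code from the advisory or from the vendor: a constructed Python model of the session-association weakness described above, showing a last-writer-wins registry beside one that binds each identifier to an authenticated credential and refuses a second live session for the same identifier. The station identifiers, credentials and commands are made-up values, and `cred` stands in for whatever mutually authenticated identity (for example a client certificate) a real deployment would use.

```python
"""Constructed model of identifier-keyed WebSocket session association (not WebCTRL code)."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class Conn:
    """A connected endpoint; `cred` is an assumed authenticated identity, `inbox` collects commands."""
    name: str
    cred: str
    inbox: List[str] = field(default_factory=list)


class WeakRegistry:
    """Last-writer-wins: any endpoint presenting a known identifier replaces the current session."""
    def __init__(self) -> None:
        self.sessions: Dict[str, Conn] = {}

    def attach(self, station_id: str, conn: Conn) -> bool:
        self.sessions[station_id] = conn  # silently displaces the legitimate endpoint
        return True

    def send(self, station_id: str, cmd: str) -> Optional[str]:
        """Deliver a backend command; returns the name of the endpoint that received it."""
        conn = self.sessions.get(station_id)
        if conn is None:
            return None
        conn.inbox.append(cmd)
        return conn.name


class HardenedRegistry(WeakRegistry):
    """Binds each identifier to one expected credential and rejects duplicate live sessions."""
    def __init__(self, expected_cred: Dict[str, str]) -> None:
        super().__init__()
        self.expected_cred = expected_cred
        self.alerts: List[str] = []  # detection hook: auth failures and duplicate attempts

    def attach(self, station_id: str, conn: Conn) -> bool:
        if self.expected_cred.get(station_id) != conn.cred:
            self.alerts.append(f"auth failure for {station_id} from {conn.name}")
            return False
        if station_id in self.sessions:
            self.alerts.append(f"duplicate session attempt for {station_id} from {conn.name}")
            return False
        self.sessions[station_id] = conn
        return True

    def detach(self, station_id: str, conn: Conn) -> None:
        """Free the identifier only when the owning connection itself closes."""
        if self.sessions.get(station_id) is conn:
            del self.sessions[station_id]
```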