Automated Logic WebCTRL BACnet Authentication Bypass Vulnerability

Vulnerability

A vulnerability exists in Automated Logic WebCTRL systems that communicate over BACnet, because the protocol itself provides no network-layer authentication. WebCTRL does not add its own validation of BACnet traffic, so an attacker with network access could spoof BACnet packets aimed at the WebCTRL server or related Automated Logic controllers, and those spoofed packets could be accepted and processed as legitimate. This vulnerability affects WebCTRL Premium Server versions 8.5 and later.

Impact

Exploitation of this vulnerability could enable an attacker to spoof BACnet packets, potentially disrupting communication or control between the WebCTRL server and connected Automated Logic controllers.

Remediation

For customers using supported versions of WebCTRL (WebCTRL 8.5 cumulative releases and later), Automated Logic provides secure configuration guidance for hardware and software deployments; BACnet Secure Connect (BACnet/SC) support, which introduces TLS encryption and mutual authentication; and published best practices for network segmentation, access control, and secure protocol implementation. Additional information is available on the Automated Logic website.
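Because plain BACnet/IP carries no sender authentication, a segmentation or monitoring layer has to supply the check the protocol lacks. The following is an added example, not code from Automated Logic or this advisory: it parses the BACnet/IP BVLC and NPDU headers of datagrams on UDP port 47808 and flags any that arrive from a host outside an allowlist of known controllers or that are malformed. The peer addresses and sample frames are constructed.

```python
# Added example (not Automated Logic or WebCTRL code): flag BACnet/IP datagrams
# whose source is not a known controller. Addresses and frames are constructed.
BACNET_IP_PORT = 47808      # 0xBAC0, the standard BACnet/IP UDP port
BVLC_TYPE_BACNET_IP = 0x81  # first byte of every BACnet/IP (Annex J) frame
NPDU_VERSION = 0x01         # the only defined BACnet NPDU version
# BVLC functions that carry an NPDU (subset of Annex J)
BVLC_FUNCTIONS = {0x04: "Forwarded-NPDU", 0x0A: "Original-Unicast-NPDU",
                  0x0B: "Original-Broadcast-NPDU"}
# Assumption: the only hosts permitted to speak BACnet/IP to the WebCTRL server
# on this segment (constructed addresses, not deployment data).
AUTHORISED_PEERS = {"10.0.5.10", "10.0.5.11"}

def parse_bvlc(data: bytes):
    """Return the BVLC function name of a well-formed BACnet/IP frame, else None."""
    if len(data) < 6 or data[0] != BVLC_TYPE_BACNET_IP:
        return None
    if int.from_bytes(data[2:4], "big") != len(data):  # BVLC length field must match
        return None
    if data[4] != NPDU_VERSION:  # the NPDU header follows the 4-byte BVLC header
        return None
    return BVLC_FUNCTIONS.get(data[1], f"function-0x{data[1]:02x}")

def check_datagram(src_ip: str, dst_port: int, data: bytes):
    """Return (src_ip, function, reason) for unexpected BACnet traffic, else None."""
    if dst_port != BACNET_IP_PORT:
        return None
    function = parse_bvlc(data)
    if function is None:
        return (src_ip, "malformed", "non-BACnet payload on the BACnet/IP port")
    if src_ip not in AUTHORISED_PEERS:
        return (src_ip, function, "BACnet/IP from a host outside the allowlist")
    return None

def scan(datagrams):
    """Apply check_datagram to (src_ip, dst_port, payload) tuples; return findings."""
    return [f for f in (check_datagram(*d) for d in datagrams) if f is not None]

# Constructed frames: a ReadProperty request and a Who-Is broadcast (valid BVLC lengths)
READ_PROPERTY = bytes.fromhex("810a0011" "0104" "0005010c0c020000011955")
WHO_IS = bytes.fromhex("810b000c" "0120ffff00ff" "1008")
SAMPLE_DATAGRAMS = [
    ("10.0.5.10", 47808, READ_PROPERTY),        # known controller: expected
    ("10.0.99.7", 47808, READ_PROPERTY),        # unknown host: spoofing candidate
    ("10.0.99.7", 47808, WHO_IS),               # unknown host discovering devices
    ("10.0.5.11", 47808, b"\x81\x0a\x00\x05"),  # truncated frame from a known host
    ("10.0.99.7", 8080, READ_PROPERTY),         # not the BACnet port: out of scope
]
```

Calling scan(SAMPLE_DATAGRAMS) returns three findings: the two datagrams from 10.0.99.7 and the truncated frame from 10.0.5.11. An allowlist like this only narrows the exposure; it does not replace the sender authentication that BACnet/SC provides.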

Added: Mar 21, 2026, 12:30 AM
Updated: Mar 21, 2026, 12:30 AM

Vulnerability Rating

Custom Algorithm
spread: 0.8
impact: 1.7
exploitability: 4.8
remediation: 7.9
relevance: 4.5
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.