← Voltar para CVEs
CVE-2026-24060
CRITICAL9.1
Descricao
Service information is not encrypted when transmitted as BACnet packets over the wire, and can be sniffed, intercepted, and modified by an attacker. Valuable information such as the File Start Position and File Data can be sniffed from network traffic using Wireshark's BACnet dissector filter. The proprietary format used by WebCTRL to receive updates from the PLC can also be sniffed and reverse engineered.
Detalhes CVE
Pontuacao CVSS v3.19.1
SeveridadeCRITICAL
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado3/21/2026
Ultima modificacao3/23/2026
Fontenvd
Avistamentos honeypot0
Fraquezas (CWE)
CWE-319CWE-319
Referencias
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-078-08.json(ics-cert@hq.dhs.gov)
https://www.automatedlogic.com/en/company/security-commitment/(ics-cert@hq.dhs.gov)
https://www.cisa.gov/news-events/ics-advisories/icsa-26-078-08(ics-cert@hq.dhs.gov)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.