CVE-2026-25086

HIGH

Automated Logic WebCTRL Premium Server Multiple Binds to the Same Port

Title source: cna

Description

Under certain conditions, an attacker could bind to the same port used by WebCTRL. This could allow the attacker to craft and send malicious packets and impersonate the WebCTRL service without requiring code injection into the WebCTRL software.

References (3)

https://www.automatedlogic.com/en/company/security-commitment/

https://www.cisa.gov/news-events/ics-advisories/icsa-26-078-08

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-078-08.json

View Writeup ZIP pw:eip

Scores

CVSS v3 7.7

EPSS 0.0002

EPSS Percentile 6.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-605

Status published

Products (1)

Automated Logic/WebCTRL Premium Server < v8.5

Published Mar 21, 2026

Tracked Since Mar 21, 2026