Sensitive industrial control data can be intercepted and manipulated by attackers due to the use of unencrypted BACnet packets in Automated Logic WebCTRL.

This vulnerability involves the transmission of sensitive service information in an unencrypted format over the wire using BACnet packets. An unauthenticated attacker with network access can use tools like Wireshark to sniff and reverse engineer proprietary update formats and file data.

The lack of encryption allows attackers to gain deep insights into the PLC (Programmable Logic Controller) environment and potentially modify updates or control commands. This poses a severe risk to industrial operations, potentially leading to physical damage, process disruption, or intellectual property theft. The CVSS score of 9.1 reflects the high criticality in an OT environment.

Immediate Action: Update WebCTRL to the latest version and enable encrypted communication channels (such as BACnet/SC) if supported by the hardware.

Proactive Monitoring: Deploy network intrusion detection systems (IDS) to monitor BACnet traffic for unauthorized sniffing activity or anomalous packet modifications.

Compensating Controls: Isolate the building automation network from the corporate network and use encrypted VPNs for all remote access to the WebCTRL management interface.

Public Exploit Available: false

Securing industrial control systems (ICS) requires a defense-in-depth approach. Administrators must move away from unencrypted legacy protocols and ensure that all sensitive data transmitted over the wire is protected by modern encryption standards. Immediate network isolation and patching are recommended.