CVE-2026-24060

Service information is not encrypted when transmitted as BACnet packets over the wire, and can be sniffed, intercepted, and modified by an attacker. Valuable information such as the File Start Position and File Data can be sniffed from network traffic using Wireshark's BACnet dissector filter. The proprietary format used by WebCTRL to receive updates from the PLC can also be sniffed and reverse engineered.

CVSS v3 9.1 CRITICAL

9.1^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-078-08.json
https://www.automatedlogic.com/en/company/security-commitment/
https://www.cisa.gov/news-events/ics-advisories/icsa-26-078-08

Configurations

No configuration.

History

No history.

Information

Published : 2026-03-21 00:16

Updated : 2026-03-23 16:16

NVD link : CVE-2026-24060

Mitre link : CVE-2026-24060

CVE.ORG link : CVE-2026-24060

JSON object : View

Products Affected

No product.

CWE

CWE-319

Cleartext Transmission of Sensitive Information

{"id": "CVE-2026-24060", "cveTags": [{"tags": ["unsupported-when-assigned"], "sourceIdentifier": "ics-cert@hq.dhs.gov"}], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 3.9}]}, "published": "2026-03-21T00:16:25.483", "references": [{"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-078-08.json", "source": "ics-cert@hq.dhs.gov"}, {"url": "https://www.automatedlogic.com/en/company/security-commitment/", "source": "ics-cert@hq.dhs.gov"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-078-08", "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-319"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-319"}]}], "descriptions": [{"lang": "en", "value": "Service information is not encrypted when transmitted as BACnet packets \nover the wire, and can be sniffed, intercepted, and modified by an \nattacker. Valuable information such as the File Start Position and File \nData can be sniffed from network traffic using Wireshark's BACnet \ndissector filter. The proprietary format used by WebCTRL to receive \nupdates from the PLC can also be sniffed and reverse engineered."}, {"lang": "es", "value": "La informaci\u00f3n de servicio no est\u00e1 cifrada cuando se transmite como paquetes BACnet a trav\u00e9s de la red, y puede ser olfateada, interceptada y modificada por un atacante. Informaci\u00f3n valiosa como la Posici\u00f3n de Inicio del Archivo y los Datos del Archivo puede ser olfateada del tr\u00e1fico de red utilizando el filtro disector BACnet de Wireshark. El formato propietario utilizado por WebCTRL para recibir actualizaciones del PLC tambi\u00e9n puede ser olfateado y sometido a ingenier\u00eda inversa."}], "lastModified": "2026-03-23T16:16:43.553", "sourceIdentifier": "ics-cert@hq.dhs.gov"}