CVE-2026-25086

{"id": "CVE-2026-25086", "cveTags": [{"tags": ["unsupported-when-assigned"], "sourceIdentifier": "ics-cert@hq.dhs.gov"}], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.7, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.5}]}, "published": "2026-03-21T00:16:25.683", "references": [{"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-078-08.json", "source": "ics-cert@hq.dhs.gov"}, {"url": "https://www.automatedlogic.com/en/company/security-commitment/", "source": "ics-cert@hq.dhs.gov"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-078-08", "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-605"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-605"}]}], "descriptions": [{"lang": "en", "value": "Under certain conditions, an attacker could bind to the same port used \nby WebCTRL. This could allow the attacker to craft and send malicious \npackets and impersonate the WebCTRL service without requiring code \ninjection into the WebCTRL software."}, {"lang": "es", "value": "Bajo ciertas condiciones, un atacante podr\u00eda vincularse al mismo puerto utilizado por WebCTRL. Esto podr\u00eda permitir al atacante crear y enviar paquetes maliciosos e suplantar el servicio de WebCTRL sin requerir la inyecci\u00f3n de c\u00f3digo en el software de WebCTRL."}], "lastModified": "2026-03-23T16:16:43.883", "sourceIdentifier": "ics-cert@hq.dhs.gov"}