CVE-2026-25086 | THREATINT

Description

Under certain conditions, an attacker could bind to the same port used by WebCTRL. This could allow the attacker to craft and send malicious packets and impersonate the WebCTRL service without requiring code injection into the WebCTRL software.

PUBLISHED Reserved 2026-03-12 | Published 2026-03-20 | Updated 2026-03-23 | Assigner icscert

HIGH: 7.7CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Problem types

CWE-605

Product status

Default status

unaffected

Any version before v8.5

affected

Credits

Jonathan Lee, Thuy D. Nguyen, and Neil C. Rowe of the Naval Postgraduate School reported this vulnerability to CISA. finder

References

www.automatedlogic.com/en/company/security-commitment/

www.cisa.gov/news-events/ics-advisories/icsa-26-078-08

github.com/...p/csaf_files/OT/white/2026/icsa-26-078-08.json

cve.org (CVE-2026-25086)

nvd.nist.gov (CVE-2026-25086)

Download JSON