What is CVE-2026-24060?

CVE-2026-24060 is a critical-severity vulnerability in Automated Logic Webctrl Premium Server, classified under Cleartext Transmission of Sensitive Information. CVSS score: 9.1/10. Published 2026-03-20.

How severe is CVE-2026-24060?

Critical severity. CVSS v3 base score is 9.1 out of 10.

Vulnerability in Automated Logic Webctrl Premium Server

CVE-2026-24060

Service information is not encrypted when transmitted as BACnet packets over the wire, and can be sniffed, intercepted, and modified by an attacker. Valuable information such as the File Start Position and File Data can be sniffed from…

EPSS: 0.000 (4.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.1 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N.

Affected products

Automated Logic Webctrl Premium Server — versions 0

Weakness classification (CWE)

CWE-319 — Cleartext Transmission of Sensitive Information

References

Frequently asked questions

What is CVE-2026-24060?: CVE-2026-24060 is a critical-severity vulnerability in Automated Logic Webctrl Premium Server, classified under Cleartext Transmission of Sensitive Information. CVSS score: 9.1/10. Published 2026-03-20.
How severe is CVE-2026-24060?: Critical severity. CVSS v3 base score is 9.1 out of 10.