BetaIT-Hub is in early access — your feedback helps us improve. Use the chat or email [email protected]

News Vulnerability
VulnerabilityCISA·55d ago

Contemporary Controls BASC 20T

p a href= https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-099-01.json strong View CSAF /strong /a /p h2 Summary /h2 p strong Successful exploitation of this vulnerability could allow an attacker to enumerate the functionality of each component associated with the PLC, reconfigure, rename, delete, perform file transfers, and make remote procedure calls. /strong /p p The following versions of Contemporary Controls BASC 20T are affected: /p ul li BASControl20 3.1 (CVE-2025-13926) /li /ul div class= csaf-table table class= tablesaw tablesaw-stack data-tablesaw-mode= stack data-tablesaw-minimap thead tr th role= columnheader data-tablesaw-priority= persist CVSS /th th role= columnheader Vendor /th th role= columnheader Equipment /th th role= columnheader Vulnerabilities /th /tr /thead tbody tr td v3 9.8 /td td Contemporary Controls Sedona Alliance /td td Contemporary Controls BASC 20T /td td Reliance on Untrusted Inputs in a Security Decision /td /tr /tbody /table /div h3 Background /h3 ul li strong Critical Infrastructure Sectors: /strong Commercial Facilities, Critical Manufacturing, Energy /li li strong Countries/Areas Deployed: /strong Worldwide /li li strong Company Headquarters Location: /strong United States /li /ul hr h2 Vulnerabilities /h2 div class= csaf-accordion p a class= csaf-accordion-toggle-all href= # Expand All + /a /p div class= csaf-accordion-item h3 a class= csaf-accordion-toggle href= # CVE-2025-13926 /a /h3 div class= csaf-accordion-content p An attacker could use data obtained by sniffing the network traffic to forge packets in order to make arbitrary requests to Contemporary Controls BASC 20T. /p p a href= https://www.cve.org/CVERecord?id=CVE-2025-13926 View CVE Details /a /p hr h4 Affected Products /h4 h5 Contemporary Controls BASC 20T /h5 div class= ics-vendor-version-status div class= ics-vendor strong Vendor: /strong br Contemporary Controls Sedona Alliance /div div class= ics-version strong Product Version: /strong br Contemporary Controls Sedona Alliance BASControl20: 3.1 /div div class= ics-status strong Product Status: /strong br known_affected /div /div div class= ics-remediations h6 Remediations /h6 p strong Mitigation /strong br According to Contemporary Controls, the BASC-20T is an obsolete product. It is recommended that users of the affected product contact Contemporary Controls for additional information. br a href= https://www.ccontrols.com/support/contacttech.htm https://www.ccontrols.com/support/contacttech.htm /a /p /div p strong Relevant CWE: /strong a href= https://cwe.mitre.org/data/definitions/807.html CWE-807 Reliance on Untrusted Inputs in a Security Decision /a /p hr h4 Metrics /h4 div class= csaf-table csaf-metrics-table table class= tablesaw tablesaw-stack data-tablesaw-mode= stack data-tablesaw-minimap thead tr th role= columnheader data-tablesaw-priority= persist CVSS Version /th th role= columnheader Base Score /th th role= columnheader Base Severity /th th role= col

Sign in to read the full article

Create a free account to access all news, downloads, and community features

Sign inCreate account

Originally published by CISA

Source: https://www.cisa.gov/news-events/ics-advisories/icsa-26-099-01

This article is shared for informational purposes. All rights belong to the original author and publisher. If you are the copyright holder and would like this content removed, please contact us.

Shared on IT-Hub by admin