Automated Logic WebCTRL Incorrect Authorization (CVE-2024-5539)

Critical | Tenable OT Security Plugin ID 505501

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A CWE-863 Incorrect Authorization vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products.
The system fails to perform adequate authorization checks, allowing an actor to perform actions or access resources without proper entitlement, leading to unauthorized access to sensitive information or functionality.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Upgrade to Automated Logic WebCTRL or Carrier i-Vu version 8.0 or later. Versions 7.0, 6.5, and 6.1 are no longer supported.

See Also

http://www.nessus.org/u?4bedf100

Plugin Details

Severity: Critical

ID: 505501

File Name: tenable_ot_automatedlogiccorporation_CVE-2024-5539.nasl

Version: 1.1

Type: Remote

Family: Tenable.ot

Published: 6/23/2026

Updated: 6/23/2026

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Medium

Score: 5.2

CVSS v3

Risk Factor: High

Base Score: 8.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

CVSS v4

Risk Factor: Critical

Base Score: 9.2

Threat Score: 7.7

Threat Vector: CVSS:4.0/E:U

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N

Vulnerability Information

CPE: cpe:/a:automatedlogic:webctrl_server

Required KB Items: Tenable.ot/AutomatedLogicCorporation

Patch Publication Date: 11/26/2025

Vulnerability Publication Date: 11/26/2025

Reference Information

CVE: CVE-2024-5539

CWE: 863