CVE-2025-13926: CWE-807 in Contemporary Controls BASControl20
An attacker could use data obtained by sniffing the network traffic to forge packets in order to make arbitrary requests to Contemporary Controls BASC 20T.
AI Analysis
Technical Summary
This vulnerability in Contemporary Controls BASControl20 (version 3.1) involves an attacker leveraging network traffic sniffing to capture data that enables forging of packets. These forged packets can be used to send arbitrary requests to the BASC 20T device, potentially compromising its confidentiality, integrity, and availability. The issue is categorized as CWE-807, which relates to reliance on untrusted inputs for security decisions. The CVSS 3.1 base score is 9.8, indicating critical risk with network attack vector, no required privileges or user interaction, and full impact on confidentiality, integrity, and availability. No patch or official remediation level has been published by the vendor, and the product is not a cloud service, so remediation depends on vendor updates.
Potential Impact
Successful exploitation could allow an unauthenticated attacker to intercept network traffic and forge packets to the BASControl20 device, leading to full compromise of confidentiality, integrity, and availability of the device. This could result in unauthorized control or disruption of the device's operations. The critical CVSS score reflects the severity of these impacts. No known exploits have been reported in the wild so far.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official patch or remediation level is provided, users should monitor Contemporary Controls' advisories for updates. Until a fix is available, consider restricting network access to the BASControl20 device to trusted hosts and using network segmentation to limit exposure. Avoid exposing the device to untrusted networks where traffic sniffing could occur.
CVE-2025-13926: CWE-807 in Contemporary Controls BASControl20
Description
An attacker could use data obtained by sniffing the network traffic to forge packets in order to make arbitrary requests to Contemporary Controls BASC 20T.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability in Contemporary Controls BASControl20 (version 3.1) involves an attacker leveraging network traffic sniffing to capture data that enables forging of packets. These forged packets can be used to send arbitrary requests to the BASC 20T device, potentially compromising its confidentiality, integrity, and availability. The issue is categorized as CWE-807, which relates to reliance on untrusted inputs for security decisions. The CVSS 3.1 base score is 9.8, indicating critical risk with network attack vector, no required privileges or user interaction, and full impact on confidentiality, integrity, and availability. No patch or official remediation level has been published by the vendor, and the product is not a cloud service, so remediation depends on vendor updates.
Potential Impact
Successful exploitation could allow an unauthenticated attacker to intercept network traffic and forge packets to the BASControl20 device, leading to full compromise of confidentiality, integrity, and availability of the device. This could result in unauthorized control or disruption of the device's operations. The critical CVSS score reflects the severity of these impacts. No known exploits have been reported in the wild so far.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official patch or remediation level is provided, users should monitor Contemporary Controls' advisories for updates. Until a fix is available, consider restricting network access to the BASControl20 device to trusted hosts and using network segmentation to limit exposure. Avoid exposing the device to untrusted networks where traffic sniffing could occur.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- icscert
- Date Reserved
- 2025-12-02T21:00:14.794Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69d806d21cc7ad14da15a557
Added to database: 4/9/2026, 8:06:42 PM
Last enriched: 4/9/2026, 8:21:05 PM
Last updated: 4/10/2026, 8:14:59 AM
Views: 6
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.