CVE-2025-14295
📋 TL;DR
Automated Logic WebCTRL and Carrier i-Vu building automation systems store user passwords in a recoverable (reversible) format rather than as one-way hashes. An attacker who can read the stored credentials can recover the plaintext passwords and reuse them, both against the affected system and against any other system where the same passwords are used. Affected: WebCTRL and i-Vu versions 6.0 through 9.0 on Windows.
💻 Affected Systems
- Automated Logic WebCTRL
- Carrier i-Vu
⚠️ Manual Verification Required
The database entry for this CVE carries no structured version ranges (none were provided by the vendor/NVD), so automatic vulnerability detection cannot determine whether your system is affected. Check your installed version by hand against the 6.0 through 9.0 range stated above.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of building automation systems allowing unauthorized control of HVAC, lighting, and security systems, potentially leading to physical safety risks, data theft, and operational disruption.
Likely Case
Unauthorized access to building management systems leading to configuration changes, data exfiltration, and potential lateral movement to other systems using stolen credentials.
If Mitigated
Limited impact with proper network segmentation and access controls, though stored credentials remain vulnerable to attackers with system access.
🎯 Exploit Status
Exploitation requires access to the system, or to the files, where the passwords are stored. The weakness is in how passwords are stored, not an authentication bypass: an attacker who already has that access can recover plaintext credentials and reuse them elsewhere, which is why stolen-credential lateral movement is the main concern.
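To make concrete what "stored in a recoverable format" means, and what the fix should leave in place instead, here is an added illustration. It is not WebCTRL/i-Vu code, and the product's actual storage format is not documented on this page; the weak side uses a static key and a reversible transform as a stand-in for any encoding or encryption whose key lives beside the data, and the hardened side stores a salted PBKDF2-HMAC-SHA256 digest that cannot be turned back into the password. The key, function names and sample password are all constructed for the example.

```python
"""Recoverable password storage beside a one-way alternative.

Added example, not vendor code. STATIC_KEY and the record layout are
constructed for illustration only.
"""
import base64
import hashlib
import hmac
import os

# --- Recoverable storage: the weakness class the advisory describes ---------
# A fixed key stored with the application: anyone who can read the credential
# store and the key (or the code that embeds it) gets every plaintext back.
STATIC_KEY = b"example-static-key"  # constructed for this example


def _xor(data: bytes) -> bytes:
    """Reversible transform keyed by STATIC_KEY (applying it twice is identity)."""
    return bytes(b ^ STATIC_KEY[i % len(STATIC_KEY)] for i, b in enumerate(data))


def store_recoverable(password: str) -> str:
    """Weak: looks opaque on disk, but is fully reversible."""
    return base64.b64encode(_xor(password.encode())).decode()


def recover_password(stored: str) -> str:
    """What an attacker with the store and the key does: get the plaintext back."""
    return _xor(base64.b64decode(stored)).decode()


# --- One-way storage: what a correct fix leaves you with --------------------
PBKDF2_ITERATIONS = 600_000  # work factor; raise as hardware gets faster


def store_hashed(password: str, salt: bytes = b"") -> str:
    """Salted PBKDF2-HMAC-SHA256 record; random per-user salt unless one is given."""
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${dk.hex()}"


def verify_hashed(password: str, stored: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    algo, iters, salt_hex, dk_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)


if __name__ == "__main__":
    weak = store_recoverable("Tr0ub4dor&3")
    print("recoverable record:", weak, "->", recover_password(weak))
    strong = store_hashed("Tr0ub4dor&3")
    print("hashed record:", strong)
    print("verifies:", verify_hashed("Tr0ub4dor&3", strong))
```

Looking at a stored record is not enough to tell the two apart, since both are opaque text; the test is whether anything on the host can turn the record back into the password. A per-user salt and a high iteration count also make offline guessing against a stolen store expensive, which is what limits the reuse attack once the store has leaked.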
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check vendor advisory for specific patched versions
Vendor Advisory: https://www.corporate.carrier.com/product-security/advisories-resources/
Restart Required: Yes
Instructions:
1. Review Carrier's security advisory for the specific patched versions.
2. Back up the system configuration.
3. Apply the vendor-provided patches.
4. Restart the affected services.
5. Verify that passwords are now stored using secure (one-way) hashing.
🔧 Temporary Workarounds
Network Segmentation
Isolate building automation systems from general corporate networks and from internet access
Access Control Hardening
Implement strict access controls and monitor for unauthorized access attempts
🧯 If You Can't Patch
- Implement network segmentation to isolate affected systems from untrusted networks
- Enable detailed logging and monitoring for unauthorized access attempts to building automation systems
🔍 How to Verify
Check if Vulnerable:
Compare the installed version against the affected range (6.0 through 9.0). The weakness is in the password storage of the web session management component, so any version in that range that has not received the vendor fix should be treated as vulnerable.
Check Version:
Check version in WebCTRL/i-Vu administration interface or consult system documentation
Verify Fix Applied:
Confirm the system has been updated to a version later than 9.0 or to a vendor-patched build, and that stored passwords are now one-way hashed rather than recoverable.
📡 Detection & Monitoring
Log Indicators:
- Unauthorized access attempts to web session management components
- Multiple failed authentication attempts followed by successful login
Network Indicators:
- Unusual traffic patterns to/from building automation systems
- Access from unexpected IP addresses or locations
SIEM Query (pseudo-query; the source and field names are placeholders to map onto your own log schema):
(source="webctrl" OR source="i-vu") AND (event_type="authentication" OR event_type="session_access") AND result="success" AND NOT src_ip IN (<expected address ranges>)
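The two log indicators above, run over constructed sample log lines, as an added example that is not from the page or the vendor. The key=value log layout, the field names (source, event_type, result, user, src_ip) and the operator network 10.20.0.0/24 are assumptions; adapt parse_line() and EXPECTED_NETWORKS to the real WebCTRL/i-Vu log format and your own address plan. It flags a successful authentication or session event from outside the expected networks, and three or more failures followed by a success for the same user and source address within five minutes.

```python
"""Detection logic for the two log indicators, over constructed sample lines.

Added example. Log format, field names and network ranges are assumptions.
"""
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines (not real product logs). 203.0.113.0/24 and
# 198.51.100.0/24 are documentation ranges standing in for outside addresses.
SAMPLE_LOGS = """\
2025-05-01T08:00:01 source=webctrl event_type=authentication result=failure user=operator src_ip=203.0.113.7
2025-05-01T08:00:09 source=webctrl event_type=authentication result=failure user=operator src_ip=203.0.113.7
2025-05-01T08:00:15 source=webctrl event_type=authentication result=failure user=operator src_ip=203.0.113.7
2025-05-01T08:00:21 source=webctrl event_type=authentication result=success user=operator src_ip=203.0.113.7
2025-05-01T08:05:00 source=i-vu event_type=session_access result=success user=admin src_ip=10.20.0.15
2025-05-01T08:07:30 source=i-vu event_type=authentication result=success user=admin src_ip=198.51.100.22
2025-05-01T08:09:00 source=webctrl event_type=authentication result=success user=tech src_ip=10.20.0.40
"""

# Assumed: the only network operators should log in from (BMS operator VLAN).
EXPECTED_NETWORKS = [ipaddress.ip_network("10.20.0.0/24")]
BMS_SOURCES = ("webctrl", "i-vu")
FAILURE_THRESHOLD = 3
WINDOW = timedelta(minutes=5)


def parse_line(line: str) -> dict:
    """'<iso-timestamp> k=v k=v ...' -> dict with a datetime under 'ts'."""
    ts, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = datetime.fromisoformat(ts)
    return rec


def parse_logs(text: str) -> list:
    return [parse_line(l) for l in text.splitlines() if l.strip()]


def unexpected_ip_logins(records: list) -> list:
    """Indicator 1: successful auth/session events from outside EXPECTED_NETWORKS."""
    alerts = []
    for r in records:
        if r["source"] not in BMS_SOURCES:
            continue
        if r["event_type"] not in ("authentication", "session_access"):
            continue
        if r["result"] != "success":
            continue
        ip = ipaddress.ip_address(r["src_ip"])
        if not any(ip in net for net in EXPECTED_NETWORKS):
            alerts.append((r["ts"], r["user"], r["src_ip"]))
    return alerts


def failures_then_success(records: list) -> list:
    """Indicator 2: >= FAILURE_THRESHOLD failures within WINDOW, then a success,
    for the same (user, src_ip). Failure history resets after each success."""
    history = defaultdict(list)
    alerts = []
    for r in sorted(records, key=lambda rec: rec["ts"]):
        if r["source"] not in BMS_SOURCES or r["event_type"] != "authentication":
            continue
        key = (r["user"], r["src_ip"])
        if r["result"] == "failure":
            history[key].append(r["ts"])
        elif r["result"] == "success":
            recent = [t for t in history[key] if r["ts"] - t <= WINDOW]
            if len(recent) >= FAILURE_THRESHOLD:
                alerts.append((r["ts"], r["user"], r["src_ip"], len(recent)))
            history[key].clear()
    return alerts


if __name__ == "__main__":
    recs = parse_logs(SAMPLE_LOGS)
    for a in unexpected_ip_logins(recs):
        print("success from unexpected address:", a)
    for a in failures_then_success(recs):
        print("failures followed by success:", a)
```

Both checks key on the source address, so they are only as good as the address plan they are given; a VPN concentrator or jump host that NATs all operator traffic to one address will hide the second pattern unless the username is carried through, which is why the second check keys on (user, src_ip) rather than the address alone.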