Search criteria
2 vulnerabilities found for WebCtrl Server by Automated Logic
CVE-2022-1019 (GCVE-0-2022-1019)
Vulnerability from nvd – Published: 2022-04-19 20:38 – Updated: 2025-04-16 16:29
VLAI
Title
Automated Logic WebCtrl Server Open Redirection Vulnerability
Summary
Automated Logic's WebCtrl Server Version 6.1 'Help' index pages are vulnerable to open redirection. The vulnerability allows an attacker to send a maliciously crafted URL which could result in redirecting the user to a malicious webpage or downloading a malicious file.
Severity
5.2 (Medium)
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.corporate.carrier.com/Images/CARR-PSA… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Automated Logic | WebCtrl Server |
Affected:
All , ≤ 7.0
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:47:43.290Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.corporate.carrier.com/Images/CARR-PSA-ALC-WebCTRL-001-1121_tcm558-149395.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-1019",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:53:58.071990Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:29:16.024Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WebCtrl Server",
"vendor": "Automated Logic",
"versions": [
{
"lessThanOrEqual": "7.0",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Chizuru Toyama from Trend Micro"
}
],
"descriptions": [
{
"lang": "en",
"value": "Automated Logic\u0027s WebCtrl Server Version 6.1 \u0027Help\u0027 index pages are vulnerable to open redirection. The vulnerability allows an attacker to send a maliciously crafted URL which could result in redirecting the user to a malicious webpage or downloading a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T20:38:25.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.corporate.carrier.com/Images/CARR-PSA-ALC-WebCTRL-001-1121_tcm558-149395.pdf"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to the latest supported version of WebCtrl 7.0 \u201cOctober 29, 2020 - cumulative patch\u201d or later."
}
],
"source": {
"advisory": "CARR-PSA-2021-01",
"discovery": "EXTERNAL"
},
"title": "Automated Logic WebCtrl Server Open Redirection Vulnerability",
"workarounds": [
{
"lang": "en",
"value": "As a manual work around an administrator can add the CSP header/meta tag to each \u201cindex.htm\u201d file in each of the directories under \u201c\u003cinstall_dir\u003e/webroot/_common/lvl5/help/*\u201d. These are the main index files for each help for each program/tool and are all web accessible.\nExample would read: \u003cmeta http-equiv=\"Content-Security-Policy\" content=\"default-src \u0027self\u0027; img-src \u0027self\u0027 data:; font-src \u0027self\u0027 data:; script-src \u0027self\u0027 \u0027unsafe-inline\u0027 \u0027unsafe-eval\u0027; style-src \u0027self\u0027 \u0027unsafe-inline\u0027\"\u003e"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2022-1019",
"STATE": "PUBLIC",
"TITLE": "Automated Logic WebCtrl Server Open Redirection Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebCtrl Server",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "All",
"version_value": "7.0"
}
]
}
}
]
},
"vendor_name": "Automated Logic"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Chizuru Toyama from Trend Micro"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Automated Logic\u0027s WebCtrl Server Version 6.1 \u0027Help\u0027 index pages are vulnerable to open redirection. The vulnerability allows an attacker to send a maliciously crafted URL which could result in redirecting the user to a malicious webpage or downloading a malicious file."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.corporate.carrier.com/Images/CARR-PSA-ALC-WebCTRL-001-1121_tcm558-149395.pdf",
"refsource": "CONFIRM",
"url": "https://www.corporate.carrier.com/Images/CARR-PSA-ALC-WebCTRL-001-1121_tcm558-149395.pdf"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to the latest supported version of WebCtrl 7.0 \u201cOctober 29, 2020 - cumulative patch\u201d or later."
}
],
"source": {
"advisory": "CARR-PSA-2021-01",
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "As a manual work around an administrator can add the CSP header/meta tag to each \u201cindex.htm\u201d file in each of the directories under \u201c\u003cinstall_dir\u003e/webroot/_common/lvl5/help/*\u201d. These are the main index files for each help for each program/tool and are all web accessible.\nExample would read: \u003cmeta http-equiv=\"Content-Security-Policy\" content=\"default-src \u0027self\u0027; img-src \u0027self\u0027 data:; font-src \u0027self\u0027 data:; script-src \u0027self\u0027 \u0027unsafe-inline\u0027 \u0027unsafe-eval\u0027; style-src \u0027self\u0027 \u0027unsafe-inline\u0027\"\u003e"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-1019",
"datePublished": "2022-04-19T20:38:25.000Z",
"dateReserved": "2022-03-17T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:29:16.024Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1019 (GCVE-0-2022-1019)
Vulnerability from cvelistv5 – Published: 2022-04-19 20:38 – Updated: 2025-04-16 16:29
VLAI
Title
Automated Logic WebCtrl Server Open Redirection Vulnerability
Summary
Automated Logic's WebCtrl Server Version 6.1 'Help' index pages are vulnerable to open redirection. The vulnerability allows an attacker to send a maliciously crafted URL which could result in redirecting the user to a malicious webpage or downloading a malicious file.
Severity
5.2 (Medium)
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.corporate.carrier.com/Images/CARR-PSA… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Automated Logic | WebCtrl Server |
Affected:
All , ≤ 7.0
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:47:43.290Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.corporate.carrier.com/Images/CARR-PSA-ALC-WebCTRL-001-1121_tcm558-149395.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-1019",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:53:58.071990Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:29:16.024Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WebCtrl Server",
"vendor": "Automated Logic",
"versions": [
{
"lessThanOrEqual": "7.0",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Chizuru Toyama from Trend Micro"
}
],
"descriptions": [
{
"lang": "en",
"value": "Automated Logic\u0027s WebCtrl Server Version 6.1 \u0027Help\u0027 index pages are vulnerable to open redirection. The vulnerability allows an attacker to send a maliciously crafted URL which could result in redirecting the user to a malicious webpage or downloading a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T20:38:25.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.corporate.carrier.com/Images/CARR-PSA-ALC-WebCTRL-001-1121_tcm558-149395.pdf"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to the latest supported version of WebCtrl 7.0 \u201cOctober 29, 2020 - cumulative patch\u201d or later."
}
],
"source": {
"advisory": "CARR-PSA-2021-01",
"discovery": "EXTERNAL"
},
"title": "Automated Logic WebCtrl Server Open Redirection Vulnerability",
"workarounds": [
{
"lang": "en",
"value": "As a manual work around an administrator can add the CSP header/meta tag to each \u201cindex.htm\u201d file in each of the directories under \u201c\u003cinstall_dir\u003e/webroot/_common/lvl5/help/*\u201d. These are the main index files for each help for each program/tool and are all web accessible.\nExample would read: \u003cmeta http-equiv=\"Content-Security-Policy\" content=\"default-src \u0027self\u0027; img-src \u0027self\u0027 data:; font-src \u0027self\u0027 data:; script-src \u0027self\u0027 \u0027unsafe-inline\u0027 \u0027unsafe-eval\u0027; style-src \u0027self\u0027 \u0027unsafe-inline\u0027\"\u003e"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2022-1019",
"STATE": "PUBLIC",
"TITLE": "Automated Logic WebCtrl Server Open Redirection Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebCtrl Server",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "All",
"version_value": "7.0"
}
]
}
}
]
},
"vendor_name": "Automated Logic"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Chizuru Toyama from Trend Micro"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Automated Logic\u0027s WebCtrl Server Version 6.1 \u0027Help\u0027 index pages are vulnerable to open redirection. The vulnerability allows an attacker to send a maliciously crafted URL which could result in redirecting the user to a malicious webpage or downloading a malicious file."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.corporate.carrier.com/Images/CARR-PSA-ALC-WebCTRL-001-1121_tcm558-149395.pdf",
"refsource": "CONFIRM",
"url": "https://www.corporate.carrier.com/Images/CARR-PSA-ALC-WebCTRL-001-1121_tcm558-149395.pdf"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to the latest supported version of WebCtrl 7.0 \u201cOctober 29, 2020 - cumulative patch\u201d or later."
}
],
"source": {
"advisory": "CARR-PSA-2021-01",
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "As a manual work around an administrator can add the CSP header/meta tag to each \u201cindex.htm\u201d file in each of the directories under \u201c\u003cinstall_dir\u003e/webroot/_common/lvl5/help/*\u201d. These are the main index files for each help for each program/tool and are all web accessible.\nExample would read: \u003cmeta http-equiv=\"Content-Security-Policy\" content=\"default-src \u0027self\u0027; img-src \u0027self\u0027 data:; font-src \u0027self\u0027 data:; script-src \u0027self\u0027 \u0027unsafe-inline\u0027 \u0027unsafe-eval\u0027; style-src \u0027self\u0027 \u0027unsafe-inline\u0027\"\u003e"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-1019",
"datePublished": "2022-04-19T20:38:25.000Z",
"dateReserved": "2022-03-17T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:29:16.024Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}