CNNVD-202511-2981 Information

Nov 27, 2025 cve

CNNVD ID

CNNVD-202511-2981

CVE-2024-5540

CNNVD Published: 2025-11-27

Description (Chinese)

Automated Logic WebCtrl是美国Automated Logic公司的一个基于 Web 的楼宇自动化系统的服务器。Carrier i-Vu是美国Carrier公司的一个楼宇管理系统平台。 Automated Logic WebCtrl和Carrier i-Vu 8.0之前版本存在安全漏洞，该漏洞源于登录面板存在反射型跨站脚本，可能导致客户端浏览器被攻击。

Description (English)

Automated Logic WebCtrl is the server for a Web-based building automation system of the American company Automated Logic. Carrier i-Vu is a building management system platform of the United States company Carrier. There was a security loophole in previous versions of Automated Logic WebCtrl and Carrier i-Vu 8.0, which stemmed from the reflection-type cross-site script of the login panel, which could lead to an attack on the client-end browser.

Hazard Level

High

Vulnerability Type

其他

Published

2025-11-27

Last Modified

2026-02-24

References

https://www.corporate.carrier.com/product-security/advisories-resources/

Patch

https://www.corporate.carrier.com/product-security/advisories-resources/

Share on: