GCVE - cpe:2.3:a:carrier:i-vu:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:carrier:i-vu:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Carrier (`4f192991-d852-5560-a7e4-614ce7fd9279`)
Product	I Vu (`596c8ee0-a4a3-5bf4-89fe-65e3f2e68d9f`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-14295`	vulnerable	2026-06-03 14:58:55.039274	Automated Logic WebCTRL and Carrier i-Vu Session Fixation Storing Passwords in a Recoverable Format vulnerability in Automated Logic WebCTRL on Windows, Carrier i-Vu on Windows. Storing Passwords in a Recoverable Format vulnerability (CWE-257) in the Web session management component allows an attacker to access stored passwords in a recoverable format which makes them subject to password reuse attacks by malicious users.This issue affects WebCTRL: from 6.0 through 9.0; i-Vu: from 6.0 through 9.0. Published: 2026-01-22T12:52:14.611Z Updated: 2026-01-22T20:22:40.322Z Open on db.gcve.eu Reference links https://www.corporate.carrier.com/product-security/advisories-resources/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-0657`	vulnerable	2026-06-03 14:58:32.587178	ALC WebCTRL Carrier i-Vu and Gen5 Controllers Array Index out-of-range A weakness in Automated Logic and Carrier i-Vu Gen5 router on driver version drv_gen5_106-01-2380, allows malformed packets to be sent through BACnet MS/TP network causing the devices to enter a fault state. This fault state requires a manual power cycle to return the device to network visibility. Published: 2025-11-27T01:00:59.653Z Updated: 2025-11-28T19:34:27.510Z Open on db.gcve.eu Reference links https://www.corporate.carrier.com/product-security/advisories-resources/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-8528`	vulnerable	2026-06-03 14:58:18.647375	ALC WebCTRL Carrier i-Vu Reflected XSS due to unsanitized parameter Reflected XSS using a specific URL in Automated Logic WebCTRL and Carrier i-VU can allow delivery of malicious payload due to a specific GET parameter not being sanitized. Published: 2025-11-19T13:18:35.293Z Updated: 2025-11-19T15:15:57.698Z Open on db.gcve.eu Reference links https://www.corporate.carrier.com/product-security/advisories-resources/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-8527`	vulnerable	2026-06-03 14:58:18.646863	ALC WebCTRL Carrier i-Vu Open Redirect via URL parameter Open Redirect in URL parameter in Automated Logic WebCTRL and Carrier i-Vu versions 6.0, 6.5, 7.0, 8.0, 8.5, 9.0 may allow attackers to exploit user sessions. Published: 2025-11-19T13:17:01.911Z Updated: 2025-11-19T16:05:46.478Z Open on db.gcve.eu Reference links https://www.corporate.carrier.com/product-security/advisories-resources/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-8526`	vulnerable	2026-06-03 14:58:18.645453	Automated Logic WebCTRL and Carrier i-Vu Open Redirect A vulnerability in Automated Logic WebCTRL 7.0 could allow an attacker to send a maliciously crafted URL, which when visited by an authenticated WebCTRL user, could result in the redirection of the user to a malicious webpage via "index.jsp" Published: 2024-11-21T15:29:55.681Z Updated: 2024-11-21T17:38:33.315Z Open on db.gcve.eu Reference links https://www.corporate.carrier.com/product-security/advisories-resources/ https://www.cisa.gov/news-events/ics-advisories/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-8525`	vulnerable	2026-06-03 14:58:18.644858	Automated Logic WebCTRL and Carrier i-Vu Unrestricted File Upload An unrestricted upload of file with dangerous type in Automated Logic WebCTRL 7.0 could allow an unauthenticated user to perform remote command execution via a crafted HTTP POST request which could lead to uploading a malicious file. Published: 2024-11-21T15:32:55.593Z Updated: 2024-11-21T17:37:57.529Z Open on db.gcve.eu Reference links https://www.corporate.carrier.com/product-security/advisories-resources/ https://www.cisa.gov/news-events/ics-advisories/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-5540`	vulnerable	2026-06-03 14:57:53.066346	ALC WebCTRL Carrier i-Vu Reflected Cross-Site Scripting The reflective cross-site scripting vulnerability found in ALC WebCTRL and Carrier i-Vu in versions older than 8.0 affects login panels allowing a malicious actor to compromise the client browser . Published: 2025-11-27T01:02:48.953Z Updated: 2025-11-28T19:34:17.123Z Open on db.gcve.eu Reference links https://www.corporate.carrier.com/product-security/advisories-resources/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-5539`	vulnerable	2026-06-03 14:57:53.065811	ALC WebCTRL Carrier i-Vu Access Control Bypass The Access Control Bypass vulnerability found in ALC WebCTRL and Carrier i-Vu in versions up to and including 8.5 allows a malicious actor to bypass intended access restrictions and expose sensitive information via the web based building automation server. Published: 2025-11-27T01:02:30.525Z Updated: 2025-11-28T19:34:22.248Z Open on db.gcve.eu Reference links https://www.corporate.carrier.com/product-security/advisories-resources/	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.