CVE 9.8 CRITICAL

Contemporary Controls BASC 20T Reliance on Untrusted Inputs in a Security Decision_CVE-2025-13926

April 12, 2026 invoker category_cve

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

An attacker could use data obtained by sniffing the network traffic to
forge packets in order to make arbitrary requests to Contemporary
Controls BASC 20T.

AI Analysis

Unauthenticated attacker can forge packets to make arbitrary requests

Basic Information

ID CVE-2025-13926

Source icscert

Published Apr 9, 2026 at 19:47

Modified Apr 10, 2026 at 14:11

Affected Product

Vendor Contemporary Controls

Product BASControl20

Version 3.1

Affected Versions Contemporary Controls BASControl20 3.1

CWE Classification

CWE-807

AI Assessment

AI Score 9.8 / 10

AI Severity Critical

Vendor Contemporary Controls

Product BASControl20

Version 3.1

References

{
    "lastseen": "",
    "description": "An attacker could use data obtained by sniffing the network traffic to \nforge packets in order to make arbitrary requests to Contemporary \nControls BASC 20T.",
    "published": "2026-04-09T19:47:17.841Z",
    "modified": "2026-04-10T14:11:21.320Z",
    "type": "cve",
    "title": "Contemporary Controls BASC 20T Reliance on Untrusted Inputs in a Security Decision",
    "source": "icscert",
    "references": "https://www.ccontrols.com/support/contacttech.htm\nhttps://www.cisa.gov/news-events/ics-advisories/icsa-26-099-01\nhttps://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-099-01.json",
    "id": "CVE-2025-13926",
    "bulletinFamily": "",
    "cwe": [
        "CWE-807"
    ],
    "cvelist": null,
    "sourceData": "Contemporary Controls BASControl20 3.1",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "BASControl20",
    "version": "3.1",
    "vendor": "Contemporary Controls",
    "ai_description": "Unauthenticated attacker can forge packets to make arbitrary requests",
    "ai_severity": "Critical",
    "ai_vendor": "Contemporary Controls",
    "ai_product": "BASControl20",
    "ai_version": "3.1",
    "ai_score": 9.8
}

💭 Join the Security Discussion ❌ Cancel Reply