CVE-2025-0657 in WebCtrl
Summary
by MITRE • 11/27/2025
A weakness in Automated Logic and Carrier i-Vu Gen5 router on driver version drv_gen5_106-01-2380, allows malformed packets to be sent through BACnet MS/TP network causing the devices to enter a fault state. This fault state requires a manual power cycle to return the device to network visibility.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Analysis
by VulDB Data Team • 11/30/2025
The vulnerability identified as CVE-2025-0657 represents a critical weakness in the Automated Logic and Carrier i-Vu Gen5 router firmware, specifically affecting driver version drv_gen5_106-01-2380. This issue resides within the BACnet MS/TP network protocol implementation, which is widely used in building automation and control systems. The affected devices operate within industrial control environments where network reliability and continuous operation are paramount for maintaining building services such as heating, ventilation, air conditioning, lighting, and security systems. The vulnerability stems from inadequate input validation mechanisms within the router's BACnet protocol stack, particularly in how it processes incoming packets on the MS/TP network segment.
The technical flaw manifests when malformed BACnet MS/TP packets are transmitted to the affected router, exploiting a lack of proper packet validation and error handling within the device's network processing logic. According to CWE-129, this vulnerability falls under improper input validation, specifically where the system fails to properly validate the structure and content of incoming network packets before processing them. The router's failure to implement robust packet filtering and sanitization allows these malformed packets to trigger an internal state machine failure, causing the device to enter a fault state that renders it non-responsive to network traffic. This behavior aligns with ATT&CK technique T1499.001 which describes network denial of service attacks targeting network infrastructure components.
The operational impact of this vulnerability is significant within building automation environments where the affected routers serve as critical network bridges between different protocol domains. When a device enters the fault state, it becomes completely invisible to network management systems and other connected devices, effectively isolating it from the broader building automation network. The requirement for manual power cycling to restore normal operation creates a substantial operational risk, particularly in mission-critical facilities where extended downtime can result in service disruptions, safety hazards, or financial losses. This vulnerability particularly affects environments that rely on continuous building automation system operation, such as hospitals, data centers, and critical infrastructure facilities where network reliability is essential.
Mitigation strategies for CVE-2025-0657 should focus on immediate network segmentation and monitoring to prevent unauthorized packet injection into BACnet MS/TP networks. Organizations should implement network access controls and packet filtering rules to restrict BACnet traffic to authorized sources only, utilizing network segmentation techniques to isolate critical building automation systems. The recommended approach includes deploying network intrusion detection systems that can monitor for anomalous BACnet traffic patterns and implementing firmware updates from the vendor as soon as patches become available. According to NIST SP 800-41, network administrators should establish baseline network behavior monitoring to detect deviations that might indicate exploitation attempts. Additionally, implementing redundant network paths and backup communication mechanisms can help maintain system availability during potential exploitation events, while regular network audits should verify that only authorized devices are present on BACnet MS/TP segments to prevent unauthorized access points from being exploited.