CVE-2025-13926 | An attacker could use data obtained by sniffing the network … | CVSS 9.8 CRITICAL

Description

An attacker could use data obtained by sniffing the network traffic to forge packets in order to make arbitrary requests to Contemporary Controls BASC 20T.

Metadata

CVE ID: CVE-2025-13926
State: PUBLISHED
Assigner: icscert
Reserved: 2025-12-02 21:00 UTC
Published: 2026-04-09 19:47 UTC
Last updated: 2026-04-10 14:11 UTC
Primary CWE: CWE-807
CWE-807
Vendor / Product: Contemporary Controls / BASControl20
Sources: cve.org · NVD

Severity & Metrics

9.8 CRITICAL CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SSVC — CISA Coordinator

Exploitation: none
Automatable: yes
Tech. Impact: total

Affected products (1)

Vendor	Product	Platform	Versions
Contemporary Controls	BASControl20	—	3.1

Weakness (CWE)

CWE	Source	Description
CWE-807	cna	CWE-807
CWE-807	adp	CWE-807 Reliance on Untrusted Inputs in a Security Decision

CVSS scores (2)

Score	Severity	Version	Source	Vector
9.8	CRITICAL	3.1	cna	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.3	CRITICAL	4.0	cna	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

References (3)