Contemporary Controls BASC 20T
Summary
A critical vulnerability (CVE-2025-13926) has been identified in Contemporary Controls BASC 20T devices, specifically version BASControl20 3.1. Successful exploitation could allow an attacker to gain control over the PLC's functionality, including reconfiguring, renaming, deleting, file transfers, and making remote procedure calls.
IFF Assessment
This vulnerability is critical and has a high CVSS score, indicating a significant threat to industrial control systems.
Severity
The CVSS score of 9.8 reflects the critical severity of the vulnerability, which allows for extensive remote control over critical infrastructure components with minimal attack complexity.
Defender Context
This vulnerability affects critical infrastructure sectors, posing a significant risk to operational technology environments. Defenders should be aware of the potential for attackers to gain deep control over PLCs, enabling disruption or manipulation of industrial processes. Given the product is obsolete, migration to secure alternatives should be prioritized.