CVE-2025-13926
Packet Forgery via Network Sniffing in Contemporary Controls BASC 20T
Publication date: 2026-04-09
Last updated on: 2026-04-10
Assigner: ICS-CERT
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| contemporary_controls | basc_20t | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-807 | The product uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses the protection mechanism. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-13926 is a critical vulnerability affecting the Contemporary Controls BASC-20T product, which is now obsolete.
An attacker who successfully exploits this vulnerability can use data obtained by sniffing network traffic to forge packets and make arbitrary requests to the device.
This allows the attacker to enumerate the functionality of each component associated with the programmable logic controller (PLC), as well as to reconfigure, rename, delete components, perform file transfers, and execute remote procedure calls.
How can this vulnerability impact me? :
Exploitation of this vulnerability poses a high risk to critical infrastructure sectors such as Commercial Facilities, Critical Manufacturing, and Energy.
An attacker could disrupt operations by modifying or deleting components, transferring files, or executing unauthorized commands remotely.
This could lead to operational downtime, loss of control over industrial processes, and potential safety hazards.
CISA recommends minimizing network exposure of affected devices by ensuring they are not accessible from the internet, placing control system networks behind firewalls, isolating them from business networks, and using secure remote access methods such as up-to-date VPNs.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves monitoring for suspicious activity related to the Contemporary Controls BASC-20T device, such as unusual packet forging or arbitrary requests to the device.
CISA recommends monitoring network traffic for signs of enumeration, reconfiguration, renaming, deletion of components, file transfers, or remote procedure calls that are unexpected or unauthorized.
Specific commands are not provided in the available resources, but general network monitoring tools like Wireshark or tcpdump can be used to sniff network traffic and identify suspicious packets targeting the BASC-20T device.
Additionally, implementing internal procedures to detect and report suspicious activity is advised.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include minimizing network exposure of all control system devices, ensuring that the BASC-20T device is not accessible from the internet.
Place control system networks behind firewalls and isolate them from business networks to reduce attack surfaces.
If remote access is necessary, use secure methods such as up-to-date VPNs, while being aware that VPNs themselves may have vulnerabilities.
Perform impact analysis and risk assessments before deploying defensive measures.
Follow CISAβs guidance on industrial control systems cybersecurity, implement defense-in-depth strategies, and monitor for suspicious activity with established internal procedures.
Users of the affected BASC-20T product should contact Contemporary Controls for further remediation information.
Guard against social engineering attacks by avoiding unsolicited email links and attachments.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not explicitly address how CVE-2025-13926 affects compliance with common standards and regulations such as GDPR or HIPAA.