Network Packet Forgery Vulnerability in Contemporary Controls BASC 20T
CVE-2025-13926

9.3CRITICAL

Key Information:

Vendor

Contemporary Controls

Status
Bascontrol20
Vendor
CVE Published:
9 April 2026

What is CVE-2025-13926?

A vulnerability has been identified in the Contemporary Controls BASC 20T, enabling malicious actors to exploit network traffic data. By intercepting and manipulating this data, attackers can forge packets to initiate arbitrary requests, potentially compromising the security and integrity of the affected system. It is crucial for users to implement robust security measures to mitigate the risks associated with this vulnerability.

Affected Version(s)

BASControl20 3.1

References

https://www.ccontrols.com/support/contacttech.htm
https://www.cisa.gov/news-events/ics-advisories/icsa-26-0...
https://github.com/cisagov/CSAF/blob/develop/csaf_files/O...

CVSS V4

Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Joseph Fields of Naval Information Warfare Center Pacific reported this vulnerability to CISA.
.