CISA 2026-04-09

Contemporary Controls BASC 20T

CVE-2025-13926

Machine-generated analysis · WAYSCloud LLM

The advisory notes that the affected BASC 20T is an obsolete product. Exploitation could allow complete control via forged network packets.

Context

The Contemporary Controls BASC 20T is a PLC used in commercial facilities, critical manufacturing, and energy sectors worldwide. The vulnerability allows an attacker to forge packets and make arbitrary requests to the device, potentially enabling reconfiguration, file manipulation, and remote procedure calls. The vendor states the product is obsolete and recommends contacting them for information.

Operator considerations

Check: Inventory for BASControl20 version 3.1 systems.
Isolate: Segment affected devices from untrusted networks.
Patch: Contact Contemporary Controls for mitigation guidance as the product is obsolete.

From Cybersecurity and Infrastructure Security Agency ↗

Successful exploitation of this vulnerability could allow an attacker to enumerate the functionality of each component associated with the PLC, reconfigure, rename, delete, perform file transfers, and make remote procedure calls.

The following versions of Contemporary Controls BASC 20T are affected:

BASControl20 3.1 (CVE-2025-13926)

Vendor

Equipment

Contemporary Controls Sedona Alliance

Contemporary Controls BASC 20T

Reliance on Untrusted Inputs in a Security Decision

Critical Infrastructure Sectors: Commercial Facilities, Critical Manufacturing, Energy

Countries/Areas Deployed: Worldwide

Company Headquarters Location: United States

An attacker could use data obtained by sniffing the network traffic to forge packets in order to make arbitrary requests to Contemporary Controls BASC 20T.

Contemporary Controls BASC 20T

MitigationAccording to Contemporary Controls, the BASC-2...

Read the full advisory on CISA →