Contemporary Controls BASC 20T Vulnerability Advisory

Posted Apr 9, 2026

By ictsec.pl

1 min read

Contemporary Controls BASC 20T Vulnerability Advisory 🚨

On April 9, 2026, CISA published an advisory regarding a critical vulnerability in the Contemporary Controls BASC 20T. This vulnerability could allow attackers to exploit the functionality of the PLC components, enabling them to reconfigure, rename, delete, perform file transfers, and make remote procedure calls.

Affected Versions:

BASControl20 3.1 (CVE-2025-13926)

Attackers may use data obtained from sniffing network traffic to forge packets and make arbitrary requests to the BASC 20T. The affected products include:

Contemporary Controls BASC 20T
Contemporary Controls Sedona Alliance BASControl20: 3.1

Impacted Sectors:

This vulnerability impacts critical infrastructure sectors, including:

Commercial Facilities
Critical Manufacturing
Energy

Recommendations:

CISA recommends the following defensive measures to minimize the risk of exploitation:

Minimize network exposure for all control system devices.
Ensure devices are not accessible from the internet.
Isolate control system networks from business networks using firewalls.
Use secure methods for remote access, such as VPNs, while keeping them updated.

Organizations should perform proper impact analysis and risk assessment before deploying defensive measures. For more information, visit the CISA ICS webpage.

For the complete article, see: Read full article

CYBERSECURITY

This post is licensed under CC BY 4.0 by the author.

Contemporary Controls BASC 20T Vulnerability Advisory 🚨

Affected Versions:

Impacted Sectors:

Recommendations:

Trending Tags