THE ICS Advisory titled Contemporary Controls BASC 20T carries the release date 9 April 2026 and identifies a vulnerability affecting Contemporary Controls BASC 20T, specifically BASControl20: 3.1 (CVE-2025-13926). According to Contemporary Controls, the BASC-20T is an obsolete product, and the mitigation recommended is for users of the affected product to contact the company for additional information.
The advisory explains that a successful exploitation could allow an attacker to enumerate the functionality of each component linked to the PLC, reconfigure, rename, delete, perform file transfers, and make remote procedure calls. The CVSS v3.1 Base Score is 9.8, categorising the vulnerability as CRITICAL, with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.
Affected products include Contemporary Controls BASC 20T, with the vulnerability described as enabling an attacker to forge packets by sniffing network traffic to make arbitrary requests to BASC 20T.