Headline
Vulnerabilities in Industrial Control Systems Lets Attackers Remotely Unlock Doors
By Deeba Ahmed In total, eight zero-day vulnerabilities have been detected in Carrier’s industrial control systems (ICS) which, if exploited, allow… This is a post from HackRead.com Read the original post: Vulnerabilities in Industrial Control Systems Lets Attackers Remotely Unlock Doors
****In total, eight zero-day vulnerabilities have been detected in Carrier’s industrial control systems (ICS) which, if exploited, allow attackers to take full system control, including “the ability for an attacker to remotely manipulate door locks.”****
Vulnerability researchers at XDR firm Trellix Threat Labs have discovered eight zero-day vulnerabilities in the commonly used industrial control systems provided by HVAC giant Carrier.
Researchers claim that these vulnerabilities impact the access control products using HID Mercury controllers and can allow hackers to unlock doors remotely. The 0-days are tracked as:
- CVE-2022-31479
- CVE-2022-31480
- CVE-2022-31481
- CVE-2022-31482
- CVE-2022-31483
- CVE-2022-31484
- CVE-2022-31485
- CVE-2022-31486
Image credit: Trellix
For your information, Trellix was launched in 2022 after the merger of FireEye and McAfee Enterprise.
Details of the Flaws
Among the eight 0-days, seven have been assigned high severity or critical rating, with most having a CVSS score of 7.5. Reportedly, the 0-days impact the LenelS2 Mercury access control panel that provides access to facilities and integration with complex building automation deployments.
LenelS2 is a subsidiary of Carrier and offers physical security solutions. Trellix researchers noted that all OEM partners using specific hardware controllers are impacted by these flaws.
Our research was performed on Carrier’s LenelS2 access control panels, manufactured by HID Mercury and used by organizations across healthcare, education, transportation, and government physical security. Through this work, we found eight zero-day vulnerabilities leading to full system control, including the ability for an attacker to remotely manipulate door locks.
Trellix – Blog Post
Researchers analyzed the flaws using reverse engineering of software and hardware hacking. Later, they developed a PoC (proof-of-concept) exploit to demonstrate how the attacker can unlock a door and disrupt monitoring systems.
More Smart and OT Flaw News
- Hacker uses Toy to Hack and Open Garage Doors in Seconds
- Master Key Hack Exploits Flaw in Key System to Unlock Hotel Rooms
- Using a laser on Alexa & Google Home hackers can unlock your front door
- Attackers Can Unlock Tesla Cars, Smart Devices by Exploiting Bluetooth Flaws
- PoC Shows IoT Devices Can Be Hacked to Install Ransomware on OT Networks
Potential Dangers
The flaws could be disruptive because Carrier’s LenelS2 Mercury panels are used by hundreds of organizations across crucial sectors, including health care, education, transportation, and even federal government agencies/organizations.
According to Trellix’s senior security researcher, Sam Quinn, these systems must not be exposed to the internet. These systems should be used with a firewall instead of directly connecting to the internet.
Furthermore, the flaws can be exploited for command injection, remote code execution, denial-of-service, writing arbitrary files, and information spoofing. Attackers can exploit most of the vulnerabilities without needing authentication. However, they would need a direct connection to the targeted system.
Carrier has already released patches and a detailed advisory on mitigation methods. Furthermore, the US CISA (Cybersecurity and Infrastructure Security Agency) also published an advisory to warn organizations about the potential risk caused by the flaws.
- Sensitive Data: Securing Your Most Important Asset
- Experts Show How Easy It Is To Hack Home, Industrial Robots Remotely
- Hackers-for-hire using malicious 3Ds Max plugin for industrial espionage
- Ukraine Thwart Russian Industroyer 2 Malware Attack on Energy Provider
- Crash Override – The 2nd industrial malware to target Ukraine’s power supply
Related news
Vendor addresses threat to integrity and availability of physical access systems
Manufacturer addresses threat to integrity and availability of physical access systems sold by LenelS2
As many as eight zero-day vulnerabilities have been disclosed in Carrier's LenelS2 HID Mercury access control system that's used widely in healthcare, education, transportation, and government facilities. "The vulnerabilities uncovered allowed us to demonstrate the ability to remotely unlock and lock doors, subvert alarms and undermine logging and notification systems," Trellix security
As many as eight zero-day vulnerabilities have been disclosed in Carrier's LenelS2 HID Mercury access control system that's used widely in healthcare, education, transportation, and government facilities. "The vulnerabilities uncovered allowed us to demonstrate the ability to remotely unlock and lock doors, subvert alarms and undermine logging and notification systems," Trellix security
As many as eight zero-day vulnerabilities have been disclosed in Carrier's LenelS2 HID Mercury access control system that's used widely in healthcare, education, transportation, and government facilities. "The vulnerabilities uncovered allowed us to demonstrate the ability to remotely unlock and lock doors, subvert alarms and undermine logging and notification systems," Trellix security
As many as eight zero-day vulnerabilities have been disclosed in Carrier's LenelS2 HID Mercury access control system that's used widely in healthcare, education, transportation, and government facilities. "The vulnerabilities uncovered allowed us to demonstrate the ability to remotely unlock and lock doors, subvert alarms and undermine logging and notification systems," Trellix security
As many as eight zero-day vulnerabilities have been disclosed in Carrier's LenelS2 HID Mercury access control system that's used widely in healthcare, education, transportation, and government facilities. "The vulnerabilities uncovered allowed us to demonstrate the ability to remotely unlock and lock doors, subvert alarms and undermine logging and notification systems," Trellix security
As many as eight zero-day vulnerabilities have been disclosed in Carrier's LenelS2 HID Mercury access control system that's used widely in healthcare, education, transportation, and government facilities. "The vulnerabilities uncovered allowed us to demonstrate the ability to remotely unlock and lock doors, subvert alarms and undermine logging and notification systems," Trellix security
As many as eight zero-day vulnerabilities have been disclosed in Carrier's LenelS2 HID Mercury access control system that's used widely in healthcare, education, transportation, and government facilities. "The vulnerabilities uncovered allowed us to demonstrate the ability to remotely unlock and lock doors, subvert alarms and undermine logging and notification systems," Trellix security
As many as eight zero-day vulnerabilities have been disclosed in Carrier's LenelS2 HID Mercury access control system that's used widely in healthcare, education, transportation, and government facilities. "The vulnerabilities uncovered allowed us to demonstrate the ability to remotely unlock and lock doors, subvert alarms and undermine logging and notification systems," Trellix security
An authenticated attacker can send a specially crafted route to the “edit_route.cgi” binary and have it execute shell commands. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.303 for the LP series and 1.297 for the EP series. An attacker with this level of access on the device can monitor all communications sent to and from this device, modify onboard relays, change configuration files, or cause the device to become unstable.