In total, eight zero-day vulnerabilities have been detected in Carrier’s industrial control systems (ICS) which, if exploited, allow attackers to take full system control, including “the ability for an attacker to remotely manipulate door locks.”
Vulnerability researchers at XDR firm Trellix Threat Labs have discovered eight zero-day vulnerabilities in the commonly used industrial control systems provided by HVAC giant Carrier.
Researchers claim that these vulnerabilities impact the access control products using HID Mercury controllers and can allow hackers to unlock doors remotely. The 0-days are tracked as:
For your information, Trellix was launched in 2022 after the merger of FireEye and McAfee Enterprise.
Details of the Flaws
Among the eight 0-days, seven have been assigned a high or critical severity rating, with most having a CVSS score of 7.5. Reportedly, the 0-days impact the LenelS2 Mercury access control panel, which provides access to facilities and integrates with complex building automation deployments.
LenelS2 is a subsidiary of Carrier and offers physical security solutions. Trellix researchers noted that all OEM partners using specific hardware controllers are impacted by these flaws.
“Our research was performed on Carrier’s LenelS2 access control panels, manufactured by HID Mercury and used by organizations across healthcare, education, transportation, and government physical security. Through this work, we found eight zero-day vulnerabilities leading to full system control, including the ability for an attacker to remotely manipulate door locks.” – Trellix, Blog Post
Researchers analyzed the flaws through software reverse engineering and hardware hacking. They then developed a proof-of-concept (PoC) exploit to demonstrate how an attacker can unlock a door and disrupt monitoring systems.
The flaws could be disruptive because Carrier’s LenelS2 Mercury panels are used by hundreds of organizations across crucial sectors, including health care, education, transportation, and even federal government agencies/organizations.
According to Trellix’s senior security researcher, Sam Quinn, these systems must not be exposed to the internet. They should be placed behind a firewall rather than connected directly to the internet.
Furthermore, the flaws can be exploited for command injection, remote code execution, denial-of-service, writing arbitrary files, and information spoofing. Attackers can exploit most of the vulnerabilities without needing authentication. However, they would need a direct connection to the targeted system.
Carrier has already released patches and a detailed advisory on mitigation methods. Furthermore, the US CISA (Cybersecurity and Infrastructure Security Agency) also published an advisory to warn organizations about the potential risk caused by the flaws.