Around eight zero-day vulnerabilities have been disclosed in Carrier's LenelS2 HID Mercury access control system, with seven of them being critical. The system is used in hundreds of organizations in education, healthcare, government, and transportation facilities.
The disclosed flaws
The vulnerabilities allow remote unlocking and locking of doors, undermining alarms, logging, and notification systems. The issues may allow attackers to gain full system control and perform operations such as manipulating door locks.
One flaw (CVE-2022-31481) is an unauthenticated remote execution flaw with a score of 10 out of 10 on the CVSS scoring system.
These flaws could lead to command injection, DoS, user modification, information spoofing, and arbitrary file-write.
The products impacted by the flaws include HID Mercury access panels sold by LenelS2: LNL-X2210, LNL-X2220, LNL-X3300, LNL-X4420, LNL-4420, S2-LP-1501, S2-LP-1502, S2-LP-2500, and S2-LP-4502.
Additional insights
By chaining two weaknesses, experts could gain root-level privileges on the device, remotely control the doors, and successfully bypass monitoring protections.
The exploitation of the flaws provides attackers access to the device and allows monitoring of all communications and changing of onboard relays and configuration files. It may result in device instability, along with a DoS condition.
Conclusion
Successful exploitation of these flaws may result in dangerous consequences for the industries using the affected products. Further, the exploitation may result in complete control of the targeted access control system. Thus, CISA is suggesting that users update access panels to the recent firmware version (CARR-PSA-006-0622).