Criminals could hack these zero-day flaws and hijack your office

A digital padlock on a blue digital background.

(Image credit: Shutterstock / vs148)

An industrial control system (ICS) was found to be carrying multiple high-severity flaws, which would allow potential threat actors to not only access the target endpoint - but to enable physical access to otherwise off-limits premises.

Cybersecurity researchers from Trellix recently dug into Carrier’s LenelS2 access control panels, manufactured by HID Mercury and, as per the researchers, used by organizations across healthcare, education, transportation, and government physical security.

What they found was a total of eight vulnerabilities, one of which even has the maximum vulnerability score of 10.

Attacking the hardware

“For this project, we anticipated a strong potential for finding vulnerabilities, knowing that the access controller was running a Linux Operating System and root access to the board could be achieved by leveraging classic hardware hacking techniques,” the researchers said in a blog post.

“While we believed flaws could be found, we did not expect to find common, legacy software vulnerabilities in a relatively recent technology.”

They first attacked the hardware, namely the built-in ports, which allowed them to access on-board debugging ports. From there, they managed to access the firmware and system binaries, which gave them the ability to reverse-engineer and live debug the firmware.

It’s then that the researchers found six unauthenticated and two authenticated vulnerabilities, all of which could be exploited remotely.

> Mitigating rising vulnerabilities in industrial control systems

> Critical US infrastructure 'can be hacked by anyone'

> Dubai becomes the first city in UAE to apply security standards for ICS

“By chaining just two of the vulnerabilities together, we were able to exploit the access control board and gain root level privileges on the device remotely,” the researchers further said.

“With this level of access, we created a program that would run alongside of the legitimate software and control the doors. This allowed us to unlock any door and subvert any system monitoring.”

Besides CVE-2022-31481, which has a severity score of 10, the researchers also discovered CVE-2022-31479, and CVE-2022-31483, with severity scores of 9.0 and 9.1, respectively.

Trellix, whose product was vetted by the US federal government, urged all customers to apply vendor-issued patches immediately.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.