Researcher Discovers Critical Vulnerabilities In Building Management Systems

A researcher has found over 100 security vulnerabilities that could cripple some building systems. These vulnerabilities allegedly existed in Building Management Systems (BMS) and similar tools offered by all major vendors.

Vulnerabilities In Building Management Systems

Reportedly, researcher Gjoko Krstic from the security firm Applied Risk conducted an in-depth study of building control systems from different vendors. According to his report, more than 100 security vulnerabilities existed in those systems. The affected software specifically included Building Management Systems (BMS), Building Automation Systems (BAS), and access control products.

As reported by Security Week, the researcher conducted a year-long study on products from Computrols, Prima Systems, Nortek, and Optergy. The tested products included Computrols CBAS-Web, Prima FlexAir, two Linear eMerge products from Nortek, and Optergy Proton/Enterprise.

During his study, Krstic found more than 100 security flaws in these products, which have received 50 CVE identifiers. These include numerous critical flaws that could allow an unauthenticated attacker to gain complete control of the target systems. The researcher presented his study at SecurityWeek’s ICS Cyber Security Conference, held from April 16 to 18, 2019, in Singapore. As revealed by Krstic,

The execution of such attacks enables an unauthenticated attacker to access and manipulate doors, elevators, air-condition systems, windows blinds, cameras, boiler, PLCs, lights, alarm system in an entire building.

These vulnerabilities could impact 10 million people through a total compromise of critical residential and public facilities such as hospitals, banks, government buildings, and industrial setups.

Regarding the kind of vulnerabilities, Eduard Kovacs of Security Week stated,

The vulnerabilities include default and hardcoded credentials, command injection, cross-site scripting (XSS), path traversal, unrestricted file upload, privilege escalation, authorization bypass, clear-text storage of passwords, cross-site request forgery (CSRF), arbitrary code execution, authentication bypass, information disclosure, open redirect, user enumeration, and backdoors.

Patches Underway

The researcher has allegedly notified the vendors about the vulnerabilities in their products, with the exception of Nortek, owing to their notorious reporting process. Nonetheless, the firm confirmed to Security Week that they have already patched the flaws.

Applied Risk has published dedicated security advisories for every impacted product. They plan to publish the full paper with all technical details in June this year.

This isn’t the first time that vulnerabilities have been discovered in building management systems. Researchers have reported such flaws in BMS in past years as well.
