CVE-2019-9569 and the Real Danger of HVACking

There’s a new potential threat endangering our physical security, and it’s known as HVACking.

The term was coined by McAfee Labs researchers who discovered a zero-day security flaw in a widely used building controller designed to manage various systems. These systems include HVAC (heating, ventilation, and air conditioning), alarms, and pressure levels in controlled environments. The vulnerability is tracked as CVE-2019-9569.




According to the researchers' report, they recently investigated an industrial control system (ICS) produced by Delta Controls:

The product, called “enteliBUS Manager”, is used for several applications, including building management. Our research into the Delta controller led to the discovery of an unreported buffer overflow in the “main.so” library. This flaw, identified by CVE-2019-9569, ultimately allows for remote code execution, which could be used by a malicious attacker to manipulate access control, pressure rooms, HVAC and more.

The researchers reported their findings to Delta Controls on December 7th, 2018. "Within just a few weeks, Delta responded, and we began an ongoing dialog while a security fix was built, tested and rolled out in late June of 2019. We commend Delta for their efforts and partnership throughout the entire process", the experts said.

More about CVE-2019-9569

In short, CVE-2019-9569 is a buffer overflow that can lead to remote code execution when successfully exploited. It took some time for the research team to collect enough data and create a working exploit. One of the peculiar discoveries based on the attack attempts is that an attack can happen even when the location of the targeted system on the network is not known.


For this to be possible, the attack uses the so-called broadcast traffic, meaning that the attack can be launched without knowing the location of the targets on the network.

However, if the attacker knows the IP address of the device, the exploit can be carried out over the Internet, increasing its impact exponentially, noted Mark Bereza of McAfee in a blog post summarizing the vulnerability. A full technical disclosure is also available.

Milena Dimitrova
