Multiple Critical Flaws in Carrier’s Access Control Systems

Around eight zero-day vulnerabilities have been disclosed in Carrier's LenelS2 HID Mercury access control system, with seven of them being critical. The system is used in hundreds of organizations in education, healthcare, government, and transportation facilities.

The disclosed flaws

The vulnerabilities allow remote unlocking and locking of doors, undermining alarms, logging, and notification systems. The issues may allow attackers to gain full system control and perform operations such as manipulating door locks. 

The products impacted by the flaws include HID Mercury access panels sold by LenelS2: LNL-X2210, LNL-X2220, LNL-X3300, LNL-X4420, LNL-4420, S2-LP-1501, S2-LP-1502, S2-LP-2500, and S2-LP-4502.

Additional insights

  • By chaining two weaknesses, experts could gain root-level privileges on the device, remotely control the doors, and successfully bypass monitoring protections.
  • The exploitation of the flaws provides attackers access to the device and allows monitoring of all communications and changing of onboard relays and configuration files. It may result in device instability, along with a DoS condition.

Conclusion

Successful exploitation of these flaws may result in dangerous consequences for the industries using the affected products. Further, the exploitation may result in complete control of the targeted access control system. Thus, CISA is suggesting that users update access panels to the recent firmware version (CARR-PSA-006-0622).
Cyware Publisher
