Subscriber Discussion

HID Mercury Potential Cybersecurity Vulnerabilities

Anyone have any further information besides the released info sent out?

Independent penetration testing of HID® Mercury™ access panels has detected potential cybersecurity vulnerabilities. Initial assessment of these vulnerabilities is that they could lead to disruption of normal panel operations. Full assessment of the potential impacts remains in process.

Agree
Disagree
Informative: 2
Unhelpful
Funny
Login to read this IPVM discussion.
Why do I need to log in?
IPVM conducts reporting, tutorials and software funded by subscriber's payments enabling us to offer the most independent, accurate and in-depth information.

* ***'* *** ******** *** *****'* ******** ****** ****.

***** *** *** *** ****? *** that **** ** ********?

Agree
Disagree
Informative
Unhelpful
Funny

***. **** *****/**

Agree
Disagree
Informative
Unhelpful
Funny

**'** ******* *** ** *** *** will ****** ** **** ***** ********.

Agree
Disagree
Informative
Unhelpful
Funny

******* **** **** ** ******* **** morning. *** ***** *** *** ********* to **, *** *'* ******* ** this. *** ************* ******* ** ** on *** ** / *** ********** / '****** *' ******:

******: *** ******* ****** ***** ************* Statement *** **********

*********** *********** ******* ** ***® *******™ access ****** **** ** ******* *** detected ********* ************* ***************. *** ******* assessment ** ***** *************** ** **** they ***** **** ** ********** ** normal ***** **********. **** ********** ** the ********* ******* ******* ** *******.

******* ************* *********

******* ** *********** **** *** ******* are ******* ******* *** ********** ** investigate *** ******* *** ********* ******* of *** ********** *************** ****** *** product *********. *** ******* ******** ******** Response **** (*****) ************* ******** **** the ********* ******* **** ******* *** impacted:

· ***-*****

· ***-*****

· ***-*****

· ***-*****

· ***-****

· **-**-****

· **-**-****

· **-**-****

· **-**-****

******** ***** ****** ****** ** *** most ******* ******** ********, ********* ** LenelS2 ******* ****** *** ******* ******* Central, ** **** ** ******** ********* several ** *** ******** ******.

********** ******** ******* **** ** **** available ** *** ****** ****** ** incrementally ******* *** ********* ******. ******* will ******* ********** ************** **** ***** firmware ******** ****** *********.

*** ******* ********* ***-** *** *** Mercury ******** *.*.**

* *** ******* ** *******® *** Mercury ********, *** ********* ***-** *** Mercury ******** *.*.**, ** ********* *** download ** ******* ******* ******. ****** note **** **** **** *******, ** are ***** * ****** ** ******** that ********* ******** **** ******** ******** to ******* **** *********** ** ******* releases ** ****** ** **** ** possible.

********* ***-** *** ******* ******** *.*.** includes ******** ************* ******* *** *** X-Series ***********’ ************* *** *****. ** is ****** *********** **** *-****** *********** be ******* ** *.**.* ** **** as ******** ** ******** *** ********* for ************* **********. ******* *** ** the ******* ******* *****. *** ***** firmware ***** ** **** ***-** ****** the **** ** ******** *******.

** ****** *** ***-** ******** ******** and ******* *****, ****** ***** *****:

· *** ** ** ******* ****** at***** ******* ****** | *****

· ** ** *** ********* *******.

· **** *** ******** ****, ****** LenelS2 ********, **** ********.

· ******* **** *** ** ******* on *** ****, **** **** ***-** Firmware ******* ** * ******* ******** to **. *** ********, ** ** the ******* ****** “******* ******** ***-**”, which **** ** ****** **** *** top (***** *** ******** *****)

· ** **** *******, ****** *** download *** .*** **** ****** “********* Add-On ******* ******** *.*.**,”, ***** ******** three *****: * ****.** **** **** installation ************ *** *** **** ** files **** **** ** *********; *** associated ******* ***** *** **** ******** Add-On; *** ** *** **** **** contains *** *** ******** *****.

· **** *** *** **** ** executed, * ****** ** *** ******** files **** ** *********, *** *** firmware **** ** ********* **** *** files ******** ** *** *********.

· ****** *** ******** *** ******* Notes, ***** *** ** ***** ** this **** **** ** ******* ******, under *** ******* ******* “******* ******** Release *****,” *** ****** ******* ******* FW ******* ***** - *.*.**.

*** *** *** ********, **** *** the ******* *****:

*.**.*

New ********

****

Resolved ******

******** ** ***** ***** ****** ******* buffers ***** ** ********* *** **** to **** **** **** ***** **

*********** *********** **** **** **** *** rapid ******** (********).

Security ******** ************ (********** ******* *********)

******** **** ****** ********.

******** ******** ******** ********.

******** ** ***** ***** ** ******** command ***** ** **** ** ** intelligent **********.

******** ** ***** ***** ***** ***** be *************** ******* **** ** *********** controller.

Agree
Disagree
Informative: 2
Unhelpful
Funny

**... ********** **** *** * ****** about **** ******** ****** * ***** ago.

*'* * ****** ******** ** "**** assessment ** *** ********* ******* ******* in *******." *** "******* ** *********** with *** ******* *** ******* ******* and ********** ** *********** *** ******* any ********* *******". ************* ***'* ******* make ******** ****** ***** **** **** patches ** *** **. * ****** if *** *********** ********** ** ***** to ******** *** **** *******?

*'* **** * ****** ******* *** there *** ** *** ******* *********.

Agree
Disagree
Informative
Unhelpful
Funny

*****/** *** * ******** ****** ********* for ********.

Agree
Disagree
Informative: 1
Unhelpful
Funny

***** *****,

****** *** ****. ****** ** ***** out ** ***-******* *** *** * timely ******** **** **** ** **** scoring * *** *****. * **** the **** **** **** *********** *** responsive.

Agree: 2
Disagree
Informative
Unhelpful
Funny

* **** *** **** **** ** find *** ***** **** ***.

Agree
Disagree
Informative: 1
Unhelpful
Funny

***/******* *********, *** **** *** *** give ****** ** *** ******** *** made ** ***** **** *** ******* reaction/notification/patch ***** ** ******* ***** *** allowing **** ** ******* *** ****** response.

***'* *****:

** ******** ******* ******** ******** *** are ********* ** ********** **** **** their *********** ** *** *********** ******** security ********. ******* ** ** **** platform **** * **** ***** ** partners, **** **** *** *** *********** schedule *** ************* ************* ********. ******** will **** ** ******* *** ** will ******** ** **** ******* *** customers ** ******* *** ******* *** any ****** ******* ******* ***** ********** dealer ********.

******* ** *** ****** ******* ** what *** **** ** *** *** not ********** ******** ** (** *********** the ***** **** ******* ** *** sold ** *** ******, *** ********).

* **** ***** ******* *** * list ** ******** ******** *** ******* firmware ******** **** **** *** *** for **** ***** *** **** ****** here ** *** ********.

Agree
Disagree
Informative
Unhelpful
Funny

***** *** *****,

** *** ******* **** *** ** our ******* **** **** ********* *** stipulated ****** *** ******** *** **** if ***** ** ******** ***** **** it ********. ** *** ******** *** firmware ****** ********* ******* *** ***** portal ** ******* ********** **.

Agree
Disagree
Informative
Unhelpful
Funny