LenelS2 NetBox 2 Critical, 1 High Vulnerability Analyzed
Just days before Honeywell's mega-acquisition of Carrier Access was complete, three vulnerabilities impacting LenelS2's NetBox were disclosed.
This report examines the practical risks of these vulnerabilities and the concerns they raise, including comments from Carrier and Honeywell and recommendations for mitigation.
Executive *******
*** ********* *************** *** * ******** signal *** ***** **'* ********** ** cybersecurity. **** **** **** *********** *********, including *** ************* ***** ********* *********, which *** * *********** / ******* risk *** **** **** ***** ** poor ******** *** **** * ****** and ****** **********.
******* ******** **** ** **** ***** vulnerabilities **** ********** *** ******** ** a *** ****************** ************** *******,**** **, **** *** ********* **** to ****, *** ***** *** ** ******* in *** ** *** ********** ** responses ** **** **** *** ***** involved **** **** **** ******* ********.
**** ********* **** ******* *** *** ownership **** ******* ** ***** *************** and *** ** ****** ** * 3rd ***** ** ******** ***** ******, which *** ***** / *********** **** practices. ****, ***** *** ***** ***** restrictions ** ***** ********, ** ** unlikely **** **** *********** **** ****** to **** *******, ****** **** ********, which *** ********* ********* ******** ****** and *** ** *********, ******* *** concern ** **** ***** ********* ***** / *************** ******.
*******, ***** *******'************ ********** ******, **** *** **** ********* *** worked **** **** ********* ****** ********** the *************** ** ****.
New ******** ********* ** ********
** *** ******** ****, * *** firmware ******* (*.*.*) **** *****/******* *** three *************** (*** ********, *** **** severity) ** *** ********* *** *** NetBox *********, ******* **** *** ******* mitigate ** ***** **** **** *** made *****. *******, ********** *** *****, the *********** ********* ****** ******** ******** ** ****(*** ******) **** **** *** *********** to ***** ********.
Suspect **** ******* ***** **********
******* ****, ** ******* **** **** NetBox ******* ****** ********** (*.*., **** assuming ********* ********) ****** ******* ** the **** ~*-* *****. ****, ***** remains * **** **** *************** / other ****** *** ***** ****** ** the ****** ***** *** ****** ******** release.
Carrier ******** - **** ** **********, ******** ** *********
**** ********* *******'* ***** **** ********* this, ** ********** *** ********** ***** *** *******. *******, **** only ********* ** ******* **** *** ******* ***** ********, **** ***** ********** we ******* **** *********'* ***** ****.
Honeywell ******** - ******* *****, ****** *******
**** ** ********* *********, **** *** not ****** *** ********* ******** *** stated *******'* **** "*********" *** *********, customers ****** ****** ***** *******, *** they **** ******** ** ******* *******:
***** *********** *************** **** ****** ******, Carrier’s ****** ****** ********* ******** ******** assessed *** ********* *** ******. ** is ********* *** *** ***** ** update ***** ******* ** ********* *********** deployment **********. *** ****** ****** ********* team *** ********* **** ******** ** support *** ********** ********* **** ****** updates.
Research ******** *************** ** ****
***** ** ***** ********* ** / how **** **** ******* **** *** researchers,****'* ************* **** ***** ** ******* **** 82 ** *** ********** *** *** report *** ***** ***************:
Vulnerabilities ********
** *** ********* *******, ** ****** each ** *** **** *** ***** practical *****.
Hard-Coded ***********, ******** ******** *.* (***-****-****)
****-***** *********** *** * *********** **** as **** *** **** ** ******* and ****** * ****** ***** ** failure. **** ** **** ***** *** heavily **********, **** ********** **** ******* hard-coded *********** *** ******* *********.
**** ************* ** *** **** ******** to ***** *******. ** ***** **** development ********* *** *** ********* **** of ************ ** **** ** ** does *** ******* ** ******** ** be *************.
**** ****** *** ** **** ******** with *** **********, **** ** * remotely ********** ****** **** *** **********. However, *** **** ******** **** *** specify **** *********** *** ****-*****, ** we ****** ****** *******:
******* ****** ****** ******* *** ***** monitoring ****** *** ********** ** ******* hard-coded *********** ** ******** ***** ** and ********* *.*.*, ***** ****** ** attacker ** ****** ************** ************.
****, **** ** *** ******* ******** responded ** *** ********* ********* **** to *******.
OS ******* *********, ******** ******** *.* (***-****-****)
*** **** ************* ********* *** **** Critical / ******** *** **** **** v4.0 ******** ***** ** *** ****-***** credential *************, *** *** ********* **** remains ****. *******, *** ****** ** moderately **** ******* ** *** ******** must ***** ******** ******. *********, ** can ** **** *************** *** ****** by **** *********** ********* ** ****** inputs *** *** ******** ********* / sanitized.
Argument ********* **** ******** *.* (***-****-****)
***** ***** *********** / ********* * high ******** ** *.*, *** ********* risk ** ************ ** ******-**-*** ** it ******** *** ******** ** ** authenticated. *******, **/**** *************, **** ************* will ***** ** ******** ** *** harmful ******** ** * ******.
* ***** **** ** *** ***** questions ********* ** ****. ***** ***** of ******* ****** *** **** **** public *********.
********* *** *********** ******** **** *****. *** **** **** own *******, *** ********* ****** ** be ** **** ********** ****? * hope **** **, *** *********'* ***** record **** *** ******* ********** ** this.
***'* **** ** **** ** **. They're ******** ** ******** *** **********, as ** ***** ****** ***** ********'/*******'* reputation ** *** ********. * **** they **, *** *** **** ****'* in *** *****. **** *** ****** been ** ***** ** *** ********. Manufacturers ***** ***** *** "*****" ***** products *** *** ****** ***** ** any ***** ** *************. *** ******** follows **** ********, *** *** **** who **, *** ***** * ********** in *** ******** ** ** *******.
****'** ******** ** ******** *** **********
****, **** ******* *** **, ****, the ********** ** *** ********* **. The **** ******** *** ** ******* they ***** **** ** ****** *********** of *** **** **** ******* ***** forward, ***** * ***** ***** **** them.
***, ****,*** ***** ********* ******** *** ************ Rational ********
* **** **** ****** *** **** basic ****** **** ********* ******** ****** prompts **** ** ***** ****** * password, *** ** *** ***** **** done. ******* *** ** ** ******** are ** ** ****, *** ****** well ********* ** ***** *****, *** this ** ********** ***** ******** ******** stuff **** ***** ** *** *****, and ***** * ** ***** **** it *** *** *********** ******.
**** ******* ***** ** ** ***** them **** * ***** ***** ***** solution? **** ****** * ** ***** that.
********** ***********. *** ** **** ** you **** ** ***** *** ********* sometime. *’** **** ******* ** ******* with **** *********** **** *** ************* solutions. ***** ** *** ** * pen **** ** ****** *** **** some ***** ***************. **** *** *** turn ** ****** **** ** ** Lenel ***.
**** *** ***** ******** ** *******, using ****-***** ********* ** *** ***** is ***** ***. *** ********* **** I ***** ******* ****** ****** ***:
*** **** ****** ********** ********* ********** ********* ***********, **.* ******** Vulnerability.
***** *** ********* *** ***** ********, but **** **** ***** **** **** years ***. *** ***** **** **** LenelS2's ************* ***** ** ** *** or ****** **** ****.