Threat Update on Remote Root Vulnerability in HID Door Controllers

There’s been a recent development in the threat environment around the Remote Root Vulnerability in HID Door Controllers that we wanted to alert customers to.

You might recall on March 30, 2016, our Zero Day Initiative published an advisory around a vulnerability that Ricky “HeadlessZeke” Lawshae with our DVLabs group discovered. This was for a Remote Root Vulnerability in HID VertX and Edge Controllers. If exploited, the vulnerability could allow an attacker to take complete control of the system. In practical terms, this means that an attacker who is able to get network packets to the door controller system could effectively defeat the system and unlock doors among other things.

Fortunately the vendor had a patch for these systems available at the time of our disclosure.

However, since our disclosure we have seen researchers put together proof of concept code that can be used to identify vulnerable systems.

We are still not aware of any attacks against these systems. However, proof of concept code does represent a potential increase in the threat environment against this vulnerability: malicious parties can potentially use the information in the proof of concept code to develop more harmful or malicious code.

Anyone that is using the HID VertX and/or Edge systems who has not deployed the update for this vulnerability should do so right away. If you are a Trend Micro TippingPoint customer, you’ve been protected against this vulnerability since September 22, 2015 with Digital Vaccine filter 20820 and can use this protection while you test and deploy this update to your HID VertX and/or EdgeDoor systems.

We will continue to monitor the threat environment around this issue and provide updates when appropriate.
Please add your thoughts in the comments below or follow me on Twitter@New Tech Founder