According to this article, https://www.bleepingcomputer.
com/news/security/hvacking- remotely-exploiting-bugs-in- building-control-systems/, Security researchers have found a zero-day vulnerability in a popular building controller used for managing various systems, including HVAC (heating, ventilation, and air conditioning), alarms, or pressure level in controlled environments.
- Discovered using the automated software testing technique called “fuzzing,” the point of failure gives an attacker on the network full control of an unpatched system. They would be in a position to manage the various building controls connected to the vulnerable device
- The vulnerability is now tracked as CVE-2019-9569 and is a buffer overflow that leads to remote code execution when properly exploited
- Attacks can be launched even if the location of the target system on the network is unknown
About the Author
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.
