According to this article, https://www.bleepingcomputer.
com/news/security/hvacking- remotely-exploiting-bugs-in- building-control-systems/, Security researchers have found a zero-day vulnerability in a popular building controller used for managing various systems, including HVAC (heating, ventilation, and air conditioning), alarms, or pressure level in controlled environments.
- Discovered using the automated software testing technique called “fuzzing,” the point of failure gives an attacker on the network full control of an unpatched system. They would be in a position to manage the various building controls connected to the vulnerable device
- The vulnerability is now tracked as CVE-2019-9569 and is a buffer overflow that leads to remote code execution when properly exploited
- Attacks can be launched even if the location of the target system on the network is unknown