Security researchers found a remotely exploitable critical vulnerability in a building management system used by businesses, hospitals, factories and other organizations to control things like ventilation, temperature, humidity, air pressure, lighting, secure doors and more. The vendor has released a firmware update, but hundreds of these systems are still exposed on the internet, highlighting the risks of remote management for ICS devices.
[ Learn what you need to know about defending critical infrastructure . | Get the latest from CSO by signing up for our newsletters. ]The vulnerability, tracked as CVE-2019-9569, was discovered by researchers from security firm McAfee and affects enteliBUS Manager (eBMGR), a control system that can be used to manage different I/O switches connected to things like sensors, alarms, motors, locks, valves and other industrial equipment. The system can also serve as a router for linking multiple Building Automation Control Network (BACnet) segments.
To read this article in full, please click here
Support the originator by clicking the read the rest link below.
