"Researchers Disclose Critical Flaws in Industrial Access Control System from Carrier"

Carrier's LenelS2 HID Mercury access control system, which is widely used in healthcare, education, transportation, and government buildings, has been discovered to contain eight zero-day vulnerabilities. According to Trellix security researchers Steve Povolny and Sam Quinn, the vulnerabilities discovered allowed them to demonstrate the ability to remotely unlock and lock doors, manipulate alarms, and degrade logging and notification systems. The critical security flaws could be weaponized by a threat actor to gain complete system control, including the ability to control door locks. One of the bugs involves an unauthenticated remote execution vulnerability with a CVSS severity rating of 10 out of 10. The other flaws could lead to command injection, Denial-of-Service (DoS), user modification, information spoofing, and arbitrary file write. This article continues to discuss the critical flaws discovered in the Carrier's widely used LenelS2 HID Mercury access control system. 

THN reports "Researchers Disclose Critical Flaws in Industrial Access Control System from Carrier"