How hackers can take over your apartment via intercom: new vulnerabilities in QuickBlox and Honeywell Experion
Nine critical vulnerabilities have been discovered in the Honeywell Experion control system.
Multiple security vulnerabilities have been found in various services, including the Honeywell Experion Distributed Control System and the QuickBlox platform, that could seriously disrupt the operation of the affected systems.
IoT security company Armis has announced nine vulnerabilities in the Honeywell Experion control system, which is used in industry to control and monitor production processes. These vulnerabilities could allow an attacker to remotely execute arbitrary code on C300 controllers, modify their operation, and hide these changes from the workstation that manages the controllers.
The issue stems from the lack of encryption and adequate authentication mechanisms in the proprietary CDA protocol that provides communication between Experion servers and C300 controllers. As a result, anyone with access to the network can spoof both the controller and the server. In addition, there are design flaws in the CDA protocol that make it difficult to control data boundaries and can lead to buffer overflows.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) noted in its advisory that seven of the nine vulnerabilities have a CVSS score of 9.8 out of 10, while the other two have 7.5. “Successfully exploiting these vulnerabilities could lead to denial of service, privilege escalation, or remote code execution,” the agency warned.
In a related study, Check Point and Claroty found serious bugs in the QuickBlox chat and video calling platform, which is widely used in telemedicine, finance, and smart IoT devices. The vulnerabilities could allow attackers to access the user databases of many popular applications that use the QuickBlox SDK and API.
The vulnerabilities affect Rozcom, an Israeli residential and commercial intercom provider. Closer inspection of its mobile app revealed additional bugs (CVE-2023-31184 and CVE-2023-31185) that allowed downloading all user databases, impersonating any user, and completely taking over accounts.
“As a result, we were able to gain complete control over all Rozcom intercom devices, allowing us to access the devices’ cameras and microphones, eavesdrop on their stream, open device-controlled doors, and more,” the researchers said.