Nortek has an upgrade plan to mitigate a command injection vulnerability in its Linear eMerge E3 Series, according to a report with ICS-CERT.
An access control interface, Linear eMerge E3 series Versions V0.32-07e and prior suffer from the remotely exploitable vulnerability, discovered by Evgeny Ermakov and Sergey Gordeychik.
Successful exploitation of this vulnerability could allow a remote attacker to execute malicious code on the system with elevated privileges, allowing for full control of the server.
No known public exploits specifically target this vulnerability. However, an attacker with low skill level could leverage the vulnerability.
A remote attacker may be able to execute arbitrary code on a target machine with elevated privileges.
CVE-2017-5439 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 9.8.
The product sees use mainly in the commercial facilities sector. It also sees action on a global basis.
Nortek recommends affected users upgrade by following the process outlined on Page 47 of the E3 User Programming Guide.