Nortek has an upgrade plan to mitigate a command injection vulnerability in its Linear eMerge E3 Series, according to a report with ICS-CERT.

An access control interface, Linear eMerge E3 Series Versions V0.32-07e and prior, suffer from the remotely exploitable vulnerability, discovered by Evgeny Ermakov and Sergey Gordeychik.


Successful exploitation of this vulnerability could allow a remote attacker to execute malicious code on the system with elevated privileges, allowing for full control of the server.

No known public exploits specifically target this vulnerability. However, an attacker with low skill level could leverage the vulnerability.

A remote attacker may be able to execute arbitrary code on a target machine with elevated privileges.

CVE-2017-5439 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 9.8.

The product sees use mainly in the commercial facilities sector and is deployed on a global basis.

Nortek recommends affected users upgrade by following the process outlined on Page 47 of the E3 User Programming Guide.
