Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Multiple Zero-Day Vulnerabilities Discovered by Tenable Research in Building Access Technology

January 14, 2019

Columbia, MD

An attacker could get free rein over buildings by exploiting the unpatched flaws to create fraudulent badges and disable building locks

Tenable®, Inc., the Cyber Exposure company, today announced that Tenable Research has discovered several zero-day vulnerabilities in the PremiSys™access control system developed by IDenticard. When exploited, the most severe vulnerability would give an attacker unfettered access to the badge system database, allowing him/her to covertly enter buildings by creating fraudulent badges and disabling building locks. According to its website, IDenticard has tens of thousands of customers around the world, including Fortune 500 companies, K-12 schools, universities, medical centers and government agencies.

Today’s modern enterprise has an extremely complex digital infrastructure comprised of both traditional and modern assets — from workstations and on-premises servers to building security systems and smart devices. This level of complexity has made it increasingly difficult for security teams to establish secure networks in dynamic enterprise environments. The PremiSys zero-days are a stark reminder that the mass adoption of emerging technologies has quickly blurred the lines between physical and digital security. This discovery comes just a few months after Tenable Research found another zero-day flaw — dubbed Peekaboo — in global video surveillance software.

PremiSys technology allows customers to grant and restrict access to doors, lockdown facilities and view integrated video. Once exploited, the most severe flaw would give cybercriminals administrator access to the entire badge system database via the PremiSys Windows Communication Foundation (WCF) service endpoint. Using the administrator privileges, attackers can perform a variety of actions like downloading the full contents of the system database, modifying its contents or deleting users.

“The digital era has brought the cyber and physical worlds together thanks, in part, to the adoption of IoT. An organization’s security purview is no longer confined by a firewall, subnets, or physical perimeter — it’s now boundaryless. This makes it critically important for security teams to have complete visibility into where they are exposed and to what extent,” said Renaud Deraison, co-founder and chief technology officer, Tenable. “Unfortunately, many manufacturers in the new world of IoT don’t always understand the risks of unpatched software, leaving consumers and enterprises vulnerable to a cyber attack. In this case, organizations that use PremiSys for access control are at a huge risk as patches are not available. Beyond this particular issue, the security industry needs to have a wider dialogue about embedded systems and their maintainability over time. The complexity of the digital infrastructure is increasing, and so is its maintenance. We need vendors to be committed to delivering security patches in a timely manner, and in a fully automated way. Tenable Research is committed to cooperating with willing vendors on coordinated disclosures to help ensure consumers and organizations alike are secure. Industry collaboration is key to helping customers manage, measure and reduce their exposure.”

Tenable Research disclosed the vulnerabilities (CVE-2019-3906, CVE-2019-3907, CVE-2019-3908, CVE-2019-3909), which affect version 3.1.190, to IDenticard following standard procedures outlined in its vulnerability disclosure policy. The team made multiple attempts to contact the vendor. On November 19, Tenable informed CERT of the vulnerability. To reduce the risk of compromise, users should segment their network to ensure systems like PremiSys are isolated from internal and external threats as much as possible.

For more information, read the Tenable Research Advisory blog post.

About Tenable

Tenable®, Inc. is the Cyber Exposure company. Over 24,000 organizations around the globe rely on Tenable to understand and reduce cyber risk. As the creator of Nessus®, Tenable extended its expertise in vulnerabilities to deliver the world’s first platform to see and secure any digital asset on any computing platform. Tenable customers include more than 50 percent of the Fortune 500, more than 25 percent of the Global 2000 and large government agencies. Learn more at www.tenable.com.

Contact Information:

[email protected]

Stay up to date!

Subscribe to our email alerts for new press releases.

Subscribe for press release updates

Try for Free Buy Now

Try Tenable.io

FREE FOR 60 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now and run your first scan within 60 seconds.

Buy Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

$2,190.00

Buy Now

Try for Free Buy Now

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save

Try for Free Buy Now

Try Tenable.io Web Application Scanning

FREE FOR 60 DAYS

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now and run your first scan within 60 seconds.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578.00

Buy Now

Try for Free Contact Sales

Try Tenable.io Container Security

FREE FOR 60 DAYS

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Learn More about Industrial Security