PT-2017-14362 · Amag · Amag Symmetry Door Edge Network Controllers

John Mocuta

Published

2017-12-10

Updated

2019-10-03

CVE-2017-16241

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions AMAG Symmetry Door Edge Network Controllers versions 03.60 AMAG Symmetry Door Edge Network Controllers versions 01.00

Description The issue allows remote attackers to execute door controller commands, such as lock, unlock, or add ID card value, by sending unauthenticated requests to the affected devices via Serial over TCP/IP. This can be demonstrated by sending a Ud command.

Recommendations For AMAG Symmetry Door Edge Network Controllers version 03.60, update the device to a version that includes proper access control to prevent unauthenticated requests. For AMAG Symmetry Door Edge Network Controllers version 01.00, restrict access to the Serial over TCP/IP interface until a patch is available that addresses the incorrect access control issue.

Exploit

Fix

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306

Related Identifiers

CVE-2017-16241

Affected Products

Amag Symmetry Door Edge Network Controllers

PT-2017-14362 · Amag · Amag Symmetry Door Edge Network Controllers

CVE-2017-16241

Weakness Enumeration

Related Identifiers

Affected Products

References · 5