PT-2022-10647 · Kevinlab · Kevinlab Inc Building Energy Management System 4St Bems

Published: 2022-04-11 · Updated: 2025-10-08 · CVE-2021-37292

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

KevinLAB Inc Building Energy Management System 4ST BEMS version 1.0.0

Description

An access control issue exists due to an undocumented backdoor account. A malicious user can log in with this backdoor account, which has the highest administrative privileges, and obtain control of the system.

Recommendations

For KevinLAB Inc Building Energy Management System 4ST BEMS version 1.0.0, as a temporary workaround, consider disabling the undocumented backdoor account until a patch is available. Restrict access to the system to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Related Identifiers

CVE-2021-37292

Affected Products

Kevinlab Inc Building Energy Management System 4St Bems