Vulnerability Note VU#977312
Johnson Controls CK721-A and P2000 remote command execution vulnerability
Original Release date: 13 Jul 2012 | Last revised: 13 Jul 2012
Overview
Johnson Controls CK721-A and P2000 products contain a remote command execution vulnerability which may allow an unauthenticated remote attacker to perform various tasks against the devices.
Description
The "download" port (tcp/41014) on the CK721-A device is vulnerable to remote command execution. An unauthenticated attacker can send specially crafted packets to the port to instruct the device to perform various tasks, such as unlocking a door, adding badges, or changing the configuration, which could grant the attacker physical access to a secured area without valid credentials for the product.

The "upload" port (tcp/41013) on P2000 (Pegasys) servers, which is used for logging and alerting purposes, is vulnerable to false alert injection. The server accepts any message sent to it, with the only verification being the source IP address. An attacker can send specially crafted packets to the port that provide false access data to the server.
Impact
An unauthenticated attacker with network access to the CK721-A device can instruct it to perform various tasks, such as unlocking a door, adding badges, or changing the configuration, which could grant physical access to a secured area. An unauthenticated attacker with network access to a P2000 (Pegasys) server can instruct it to log false alerts, making legitimate alerts harder to spot.
Solution
Update
Restrict Access
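To support the "Restrict Access" measure, the following added example (not part of the original note or of Johnson Controls' software) scans flow records for connections to the two ports named in the Description that come from hosts outside the expected peers. The addresses, the record format, and the assumption that only P2000 servers contact controllers on tcp/41014 and only controllers contact servers on tcp/41013 are constructed for illustration.

```python
import ipaddress

CK721_DOWNLOAD_PORT = 41014  # "download" port on the CK721-A (from the advisory)
P2000_UPLOAD_PORT = 41013    # "upload" port on the P2000 server (from the advisory)

# Constructed inventory (assumption): substitute the site's real addresses.
P2000_SERVERS = {"10.20.0.10"}
CK721_CONTROLLERS = {"10.20.1.21", "10.20.1.22"}

# Constructed flow records: "timestamp src_ip dst_ip dst_port"
SAMPLE_FLOWS = """\
2012-07-13T09:00:01Z 10.20.0.10 10.20.1.21 41014
2012-07-13T09:00:05Z 10.20.1.21 10.20.0.10 41013
2012-07-13T09:02:17Z 10.20.5.77 10.20.1.22 41014
2012-07-13T09:03:40Z 10.20.5.77 10.20.0.10 41013
2012-07-13T09:04:02Z 10.20.5.77 10.20.0.10 443
not a flow record
"""

def parse_flow(line):
    """Return (ts, src, dst, port), or None if the line is malformed."""
    parts = line.split()
    if len(parts) != 4:
        return None
    ts, src, dst, port = parts
    try:
        ipaddress.ip_address(src)
        ipaddress.ip_address(dst)
        port = int(port)
    except ValueError:
        return None
    return ts, src, dst, port

def find_unexpected_peers(flow_text):
    """Flag traffic to either port whose source is not an expected peer."""
    findings = []
    for line in flow_text.splitlines():
        flow = parse_flow(line)
        if flow is None:
            continue
        ts, src, dst, port = flow
        if port == CK721_DOWNLOAD_PORT and dst in CK721_CONTROLLERS and src not in P2000_SERVERS:
            findings.append((ts, src, dst, port, "non-server host reached CK721-A download port"))
        elif port == P2000_UPLOAD_PORT and dst in P2000_SERVERS and src not in CK721_CONTROLLERS:
            findings.append((ts, src, dst, port, "non-controller host reached P2000 upload port"))
    return findings

if __name__ == "__main__":
    for finding in find_unexpected_peers(SAMPLE_FLOWS):
        print(*finding)
```

Because the note states that the P2000 server verifies only the source IP address, a finding here shows an unexpected host reaching the port, while traffic that appears to come from an expected peer is not proof that the message is genuine.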
Vendor Information
Vendor | Status | Date Notified | Date Updated |
---|---|---|---|
Johnson Controls | Affected | - | 07 Jun 2012 |
CVSS Metrics
Group | Score | Vector |
---|---|---|
Base | 6.4 | AV:N/AC:L/Au:N/C:P/I:P/A:N |
Temporal | 4.9 | E:POC/RL:W/RC:UC |
Environmental | 4.8 | CDP:LM/TD:M/CR:ND/IR:ND/AR:ND |
Credit
Thanks to Travis Lee for reporting this vulnerability.
This document was written by Michael Orlando.
Other Information
- CVE IDs: CVE-2012-2607
- Date Public: 13 Jul 2012
- Date First Published: 13 Jul 2012
- Date Last Updated: 13 Jul 2012
- Document Revision: 19