Everon resells products manufactured by other vendors. When we receive notices from those vendors related to their product’s security or operations, we publish summaries and links to those notices here. Below are current product notices Everon has received from its vendors. This list includes only current notices and does not include every notice for every product ever sold by Everon. The presence or absence of any product notice is not a representation by Everon of any vendor’s product’s status or suitability for any particular end use. Each vendor is solely responsible for the content of their notices linked below.
Recent Notices
Windows TCP/IP Remote Code Execution Vulnerability
Published: August 13, 2024
Microsoft recently released a patch for a Critical-rated vulnerability (CVE-2024-38063) that affects a number of its Windows operating systems.
Although Everon has already applied this patch to all systems that it directly manages as part of its service offering, we are alerting you and encourage you to take action to ensure that your organization applies the patch to any systems that Everon does not manage on your behalf. You can find more information on CVE-2024-38063 here. If you require assistance, contact your Everon account manager, call 844-538-3766, or contact us here.
Windows Remote Code Execution Vulnerability
March Networks Security Advisory
Published: July 7, 2024
A security regression was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period. It is recommended to update R5 Recorders to avoid vulnerabilities in SSH. Patch 42339 R1.0 is available for 5.26.0.0047 (GA) and 5.27.0.0049 (GA).
Affected versions: 8000, 9000 and RideSafe Series GT/MT/RT recorders.
Find out more about CVE-2024-6387 from NIST Vulnerability Database (NVD) and CVE. If you require assistance, contact your Everon account manager, call 844-538-3766, or contact us here.
March Networks Security Advisory
Kantech KT Door Controllers Vulnerability
Published: July 4, 2024
Vulnerabilities have been confirmed impacting Kantech KT Door Controllers.
Under certain circumstances, when the controller is in factory reset mode waiting for initial setup, it will broadcast its MAC address, serial number, and firmware version. Once configured, the controller will no longer broadcast this information.
Affected Versions:
- Kantech KT1 Door Controller, Rev01 version 2.09.10 and prior
- Kantech KT2 Door Controller, Rev01 version 2.09.10 and prior
- Kantech KT400 Door Controller, Rev01 version 3.01.16 and prior
Mitigation:
Update Kantech door controllers as follows:
- Update Kantech KT1 Door Controller to at least version 3.10.12
- Update Kantech KT2 Door Controller to at least version 3.10.12
- Update Kantech KT400 Door Controller to at least version 3.03
Find out more about CVE-2024-32754 from NIST Vulnerability Database (NVD) and CVE. If you require assistance, contact your Everon account manager, call 844-538-3766, or contact us here.
Kantech Vulnerabilities
Software House iSTAR Pro Vulnerability
Published: June 6, 2024
A security vulnerability has been identified impacting Software House iSTAR Pro door controllers. Under certain circumstances, communications between the ICU tool and the iSTAR Pro door controller are susceptible to Machine-in-the-Middle attacks, which could impact door control and configuration.
Affected Versions:
- iSTAR Pro (all versions)
- ICU (all versions)
Information on this vulnerability and detailed mitigation steps can be viewed here. Find out more about CVE-2024-32752 from NIST Vulnerability Database (NVD), CVE and CISA ICS-Cert Advisories.
If you require assistance, contact your Everon account manager, call 844-538-3766, or contact us here.
Software House iSTAR Pro Vulnerability
Software House C•CURE 9000 Vulnerability
Published: June 5, 2024
A security vulnerability has been confirmed impacting Software House C•CURE 9000 v3.00.2.
Under certain circumstances the Microsoft® Internet Information Server (IIS) used to host the C•CURE 9000 Web Server will log Microsoft Windows credential details within logs. There is no impact to non-web service interfaces C•CURE 9000 or prior versions.
Find out more about CVE-2024-0912 from NIST Vulnerability Database (NVD) and CVE. If you require assistance, contact your Everon account manager, call 844-538-3766, or contact us here.
C•CURE 9000 Vulnerability
LenelS2's NetBox Vulnerability
Published: May 30, 2024
A potential security vulnerability has recently been identified impacting certain versions of LenelS2's NetBox access control system.
Certain identified vulnerabilities impact NetBox versions 5.6.1 and prior. Additionally, certain older versions of NetBox (specifically versions prior to 5.4) may be susceptible to having malware installed under certain conditions. The malware vulnerability is due to an open-source library, a resource that exists outside of the LenelS2 NetBox system, to which NetBox systems refer.
Information on this vulnerability can be viewed here. Find out more about CVE-2024-2420 from NIST Vulnerability Database (NVD), CVE and CISA ICS-Cert Advisories.
If you require assistance, contact your Everon account manager, call 844-538-3766, or contact us here.
LenelS2 NetBox Vulnerability
Brivo ACS100 and ACS300 Vulnerabilities
Published: February 19, 2024
Vulnerabilities have been identified impacting older versions of firmware for the ACS100 and ACS300.
These vulnerabilities can be exploited if the attacker has physical access to the devices and has the tools and skills to perform a command injection attack. The vulnerability was addressed in Brivo firmware version 6.2.4.3, which was released in December 2023 for general use.
Find out more about CVE-2023-6260 from NIST Vulnerability Database (NVD) and CVE. Find out more about CVE-2023-6259 from NIST Vulnerability Database (NVD) and CVE.
All customers using ACS100, ACS300, ACS SDC, and ACS6000 control panels are advised to upgrade their panel firmware to the current version, which is 6.2.5. If you require assistance, contact your Everon account manager, call 844-538-3766, or contact us here.
Brivo Firmware Vulnerabilities
HID Vulnerability
Published: February 7, 2024
Vulnerabilities have been identified in the following technologies: HID iClass SE readers, modules, and processors; HID OMNIKEY 5427CK, 5127CK, 5023, and 5027; and HID iCLASS SE CP1000 Encoder.
If you have these technologies installed at your facilities, we recommend taking immediate action to secure your systems. For more details and recommended actions, please visit the HID notices here and here. If you require assistance, contact your Everon account manager, call 844-538-3766, or contact us here.
HID Product Vulnerability Notice