Product Notices

Everon resells products manufactured by other vendors. When we receive notices from those vendors related to their product’s security or operations, we publish summaries and links to those notices here. Below are current product notices Everon has received from its vendors. This list includes only current notices and does not include every notice for every product ever sold by Everon. The presence or absence of any product notice is not a representation by Everon of any vendor’s product’s status or suitability for any particular end use. Each vendor is solely responsible for the content of their notices linked below.

Recent Notices

Windows TCP/IP Remote Code Execution Vulnerability

Published: August 13, 2024

Microsoft recently released a patch for a Critical-rated vulnerability (CVE-2024-38063) that affects a number of its Windows operating systems.

Although Everon has already applied this patch to all systems that it directly manages as part of its service offering, we are alerting you and encouraging you to ensure that your organization applies the patch to any systems that Everon does not manage on your behalf. You can find more information on CVE-2024-38063 here. If you require assistance, contact your Everon account manager, call 844-538-3766, or contact us here.

Windows Remote Code Execution Vulnerability

March Networks Security Advisory

Published: July 7, 2024

A security regression was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period. It is recommended to update R5 Recorders to avoid vulnerabilities in SSH. Patch 42339 R1.0 is available for 5.26.0.0047 (GA) and 5.27.0.0049 (GA).

Affected versions: 8000, 9000 and RideSafe Series GT/MT/RT recorders.

Find out more about CVE-2024-6387 from NIST Vulnerability Database (NVD) and CVE. If you require assistance, contact your Everon account manager, call 844-538-3766, or contact us here.

March Networks Security Advisory

Kantech KT Door Controllers Vulnerability

Published: July 4, 2024

Vulnerabilities have been confirmed impacting Kantech KT Door Controllers.

Under certain circumstances, when the controller is in factory reset mode waiting for initial setup, it will broadcast its MAC address, serial number, and firmware version. Once configured, the controller will no longer broadcast this information.

Affected Versions:

  • Kantech KT1 Door Controller, Rev01 version 2.09.10 and prior
  • Kantech KT2 Door Controller, Rev01 version 2.09.10 and prior
  • Kantech KT400 Door Controller, Rev01 version 3.01.16 and prior

Mitigation:

Update Kantech door controllers as follows:

  • Update Kantech KT1 Door Controller to at least version 3.10.12
  • Update Kantech KT2 Door Controller to at least version 3.10.12
  • Update Kantech KT400 Door Controller to at least version 3.03

Find out more about CVE-2024-32754 from NIST Vulnerability Database (NVD) and CVE. If you require assistance, contact your Everon account manager, call 844-538-3766, or contact us here.

Kantech Vulnerabilities

Software House iSTAR Pro Vulnerability

Published: June 6, 2024

A security vulnerability has been identified impacting Software House iSTAR Pro door controllers. Under certain circumstances, communications between the ICU tool and the iSTAR Pro door controller are susceptible to Machine-in-the-Middle attacks, which could impact door control and configuration.

Affected Versions:

  • iSTAR Pro (all versions)
  • ICU (all versions)

Information on this vulnerability and detailed mitigation steps can be viewed here. Find out more about CVE-2024-32752 from NIST Vulnerability Database (NVD), CVE and CISA ICS-Cert Advisories.

If you require assistance, contact your Everon account manager, call 844-538-3766, or contact us here.

Software House iSTAR Pro Vulnerability

Software House C•CURE 9000 Vulnerability

Published: June 5, 2024

A security vulnerability has been confirmed impacting Software House C•CURE 9000 v3.00.2.

Under certain circumstances, the Microsoft® Internet Information Server (IIS) used to host the C•CURE 9000 Web Server will log Microsoft Windows credential details within logs. There is no impact to non-web service interfaces of C•CURE 9000 or prior versions.

Find out more about CVE-2024-0912 from NIST Vulnerability Database (NVD) and CVE. If you require assistance, contact your Everon account manager, call 844-538-3766, or contact us here.

C•CURE 9000 Vulnerability

LenelS2's NetBox Vulnerability

Published: May 30, 2024

A potential security vulnerability has recently been identified impacting certain versions of LenelS2's NetBox access control system. 

Certain identified vulnerabilities impact NetBox versions 5.6.1 and prior. Additionally, certain older versions of NetBox (specifically versions prior to 5.4) may be susceptible to having malware installed under certain conditions. The malware vulnerability is due to an open-source library, a resource that exists outside of the LenelS2 NetBox system, to which NetBox systems refer.

Information on this vulnerability can be viewed here. Find out more about CVE-2024-2420 from NIST Vulnerability Database (NVD), CVE and CISA ICS-Cert Advisories.

If you require assistance, contact your Everon account manager, call 844-538-3766, or contact us here.

LenelS2 NetBox Vulnerability

Brivo ACS100 and ACS300 Vulnerabilities

Published: February 19, 2024

Vulnerabilities have been identified impacting older versions of firmware for the ACS100 and ACS300.

These vulnerabilities can be exploited if the attacker has physical access to the devices and has the tools and skills to perform a command injection attack. The vulnerability was addressed in Brivo firmware version 6.2.4.3, which was released in December 2023 for general use.

Find out more about CVE-2023-6260 from NIST Vulnerability Database (NVD) and CVE. Find out more about CVE-2023-6259 from NIST Vulnerability Database (NVD) and CVE.

All customers using ACS100, ACS300, ACS SDC, and ACS6000 control panels are advised to upgrade their panel firmware to the current version, which is 6.2.5. If you require assistance, contact your Everon account manager, call 844-538-3766, or contact us here.

Brivo Firmware Vulnerabilities

HID Vulnerability

Published: February 7, 2024

Vulnerabilities have been identified in the following technologies: HID iCLASS SE readers, modules, and processors; HID OMNIKEY 5427CK, 5127CK, 5023, and 5027; and HID iCLASS SE CP1000 Encoder.

If you have these technologies installed at your facilities, we recommend taking immediate action to secure your systems. For more details and recommended actions, please visit the HID notices here and here. If you require assistance, contact your Everon account manager, call 844-538-3766, or contact us here.

HID Product Vulnerability Notice