OTPulse

Nortek Linear eMerge E3 Series

Priority: Act Now
CVSS: 9.8
Advisory: ICS-CERT ICSA-18-046-01
Published: Feb 15, 2018
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed

Summary

Nortek Linear eMerge E3 series devices (version 0.32-07e and earlier) contain a remotely exploitable command injection vulnerability (CWE-77) that allows an unauthenticated attacker to execute arbitrary commands or read sensitive data. The attack is network-based with low complexity. No vendor patch is available for this device.

What this means
What could happen
An unauthenticated attacker with network access to the Linear eMerge E3 device could execute arbitrary commands or read sensitive data, potentially allowing modification of access control lists, security policies, or system configurations that control physical door/badge access systems.
Who's at risk
Organizations operating physical access control systems using Nortek Linear eMerge E3 badge readers and door controllers should be concerned. This affects access control infrastructure at facilities such as corporate offices, hospitals, data centers, and industrial plants where badge-based entry is critical to physical security.
How it could be exploited
An attacker on the network (or Internet if the device is exposed) sends crafted requests to the eMerge E3 device. No authentication or credentials are required. The device processes the request unsafely and allows the attacker to inject commands or read restricted data, compromising the integrity and confidentiality of the access control system.
Prerequisites
  • Network reachability to the eMerge E3 device (HTTP/HTTPS port)
  • No valid credentials or authentication required
  • Device running firmware version 0.32-07e or earlier
Tags: remotely exploitable, no authentication required, low complexity attack, no patch available, critical CVSS score (9.8)
Exploitability
Moderate exploit probability (EPSS 1.3%)
Affected products (1)
| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| Linear eMerge E3 series Versions: V0.32-07e and prior | ≤ 0.32-07e | No fix (EOL) |
Remediation & Mitigation
Do now
  • HARDENING: Isolate the eMerge E3 device behind a firewall and restrict network access to only authorized management workstations
  • HARDENING: Place the eMerge E3 device on a dedicated management VLAN separate from the business network and Internet
  • WORKAROUND: Block all inbound access to the eMerge E3 device from the Internet and untrusted networks at the perimeter firewall
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • WORKAROUND: If remote access to the device is required, use a VPN tunnel with strong authentication and keep VPN client/server software fully patched