Nortek Linear eMerge 50P/5000P

Act Now10ICS-CERT ICSA-20-184-01Jul 2, 2020

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Nortek Linear eMerge 50P and 5000P access control systems running firmware v4.6.07 and earlier contain multiple critical vulnerabilities (CWE-35, CWE-77, CWE-434, CWE-352, CWE-287) that allow unauthenticated remote attackers to gain full system access. These include arbitrary file upload, command injection, cross-site request forgery (CSRF), and authentication bypass. Successful exploitation allows an attacker to execute arbitrary commands and gain complete control of the access control system.

What this means

What could happen

An attacker with network access to the eMerge device could gain complete control of the access control system, allowing them to lock or unlock doors, disable alarms, or alter security policies for the physical facility.

Who's at risk

Water authorities, municipal electric utilities, and other critical infrastructure facilities using Nortek Linear eMerge 50P or 5000P access control systems (building entry, badge readers, door locks) are at risk. This affects any facility relying on these devices for physical security.

How it could be exploited

An attacker on the network sends a specially crafted request to the eMerge device's web interface or API. The vulnerability allows the attacker to bypass authentication and upload malicious files or execute commands directly on the device without needing valid credentials.

Prerequisites

Network access to the eMerge device (typically port 80 or 443 if web-based)
No valid credentials required
Device must be reachable from the attacker's network location

Remotely exploitableNo authentication requiredLow complexity attackHigh EPSS score (52.7% - more than half chance of exploit public availability)Affects access control/physical security systemsCVSS 10 (critical)Multiple vulnerability types (file upload, command injection, CSRF, credential bypass)

Exploitability

High exploit probability (EPSS 52.7%)

Affected products (1)

ProductAffected VersionsFix Status

Linear eMerge 50P/5000P:≤ 4.6.07v32-09a

Remediation & Mitigation

0/5

Do now

0/2

WORKAROUNDRestrict network access to eMerge device: Do not expose to the Internet, place behind firewall, allow connections only from authorized engineering workstations on a protected network segment

HARDENINGIf remote access is required, use VPN with current patches; ensure VPN access is restricted to specific authorized personnel

Schedule — requires maintenance window

0/3

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade to Nortek v32-09a firmware

HARDENINGSegment access control system network from business network with a firewall or network isolation device

HARDENINGMonitor for suspicious activity or unauthorized access attempts to the eMerge device; establish alerting on failed authentication attempts

CVEs (5)

CVE-2019-7267 CVE-2019-7269 CVE-2019-7268 CVE-2019-7270 CVE-2019-7266

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/ccae2c14-ab5d-4d0c-9bfa-bc1585301efb