Paradox IP150 (Update A)
Act Now | CVSS 9.8 | ICS-CERT ICSA-20-324-02 | Nov 17, 2020
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
The IP150 security control panel contains memory corruption vulnerabilities (CWE-121, CWE-120) that allow remote arbitrary code execution. Successful exploitation could terminate or disable the physical security system, preventing access control and intrusion detection. No public exploits are currently known, and Paradox has not released a firmware patch. The affected products are listed as IP150 firmware version 5.02.09 and IP150, all versions.
What this means
What could happen
An attacker could remotely execute code on the IP150 security panel, potentially disabling physical security monitoring and access controls at your facility. This could allow unauthorized entry or inability to detect intrusions.
Who's at risk
Facility managers and security teams operating Paradox IP150 security control panels should be concerned. The IP150 is commonly used in buildings for access control, alarm monitoring, and intrusion detection. Any facility relying on this device for physical security—including water utilities, power substations, data centers, and commercial buildings—is affected.
How it could be exploited
An attacker on the network sends a specially crafted request to the IP150 device on its listening port. The device processes the malformed input without proper bounds checking, and the resulting buffer overflow or similar memory corruption (CWE-121/120) allows arbitrary code execution. No authentication or user interaction is required.
Prerequisites
- Network access to IP150 device (typically port 80, 443, or 10000)
- Device must be reachable from attacker's network location
- No authentication or credentials required
Remotely exploitable | No authentication required | Low complexity attack | No vendor patch available | Affects safety/security systems | High CVSS score (9.8)
Exploitability
Moderate exploit probability (EPSS 1.4%)
Affected products (2)
2 EOL
| Product | Affected Versions | Fix Status |
|---|---|---|
| IP150: firmware | 5.02.09 | No fix (EOL) |
| IP150: all versions | All versions | No fix (EOL) |
Remediation & Mitigation
Do now
- HARDENING: Restrict network access to IP150 devices by placing them behind a firewall and denying all inbound access from untrusted networks, including the Internet
- HARDENING: Implement network segmentation: isolate the physical security system network from the business/IT network using a firewall or air gap
- WORKAROUND: If remote access to IP150 is required, use a VPN with current patches and enforce access controls to only authorized personnel
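To confirm that the firewall and segmentation rules above actually deny access, the following added example (not part of the advisory or of any Paradox tooling) attempts TCP connections from the segment it is run on to the ports the page lists as typical for the IP150 (80, 443, 10000) and reports any panel still reachable. The panel addresses are supplied by the operator, and the function names are assumptions of this example.

```python
import socket
import sys
from concurrent.futures import ThreadPoolExecutor

# Ports the advisory page lists as typical for the IP150.
IP150_PORTS = (80, 443, 10000)


def is_open(host, port, timeout=1.0):
    """Return True if a TCP handshake to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        # Refused, filtered (timeout) or unroutable: not reachable from here.
        return False


def audit_exposure(panels, ports=IP150_PORTS, timeout=1.0):
    """Return {host: [reachable ports]} for panels reachable from this segment.

    Run it from each network that should NOT reach the panels (business/IT
    LAN, guest Wi-Fi, an Internet-side host). An empty dict means the
    deny rule holds for every listed panel and port.
    """
    targets = [(host, port) for host in panels for port in ports]
    exposed = {}
    with ThreadPoolExecutor(max_workers=16) as pool:
        results = pool.map(lambda t: is_open(t[0], t[1], timeout), targets)
        for (host, port), reachable in zip(targets, results):
            if reachable:
                exposed.setdefault(host, []).append(port)
    return exposed


if __name__ == "__main__":
    # Usage: python audit_ip150.py <panel-address> [<panel-address> ...]
    findings = audit_exposure(sys.argv[1:])
    for host, open_ports in findings.items():
        print(f"EXPOSED {host}: ports {open_ports} reachable from this segment")
    # Non-zero exit lets a scheduled job alert when segmentation regresses.
    sys.exit(1 if findings else 0)
```

A panel that answers from the management VLAN but returns nothing from every other segment is the expected result.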
Schedule — requires maintenance window
Patching may require device reboot; plan for process interruption
- HARDENING: Apply least-privilege user access to any systems that manage or monitor the IP150
- WORKAROUND: Contact Paradox support directly to confirm whether a firmware patch is planned or to obtain additional mitigation strategies specific to your deployment
CVEs (2)
API:
/api/v1/advisories/247e7667-7916-4569-be8b-33b63b22c4c5