OTPulse

Sensormatic Electronics C-CURE 9000

Monitor · CVSS 4.3 · ICS-CERT ICSA-22-284-03 · Oct 11, 2022
Attack Vector: Adjacent
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

C-CURE 9000 versions 2.90 and earlier allow an unauthorized user on the local network to enumerate valid user accounts without authentication. This information disclosure could be used to support credential-based attacks against the access control system. The vulnerability is local network-only and has low attack complexity.

What this means
What could happen
An attacker on the same local network could enumerate valid user accounts in C-CURE 9000, potentially enabling credential-based attacks against the access control system.
Who's at risk
Physical access control operators and IT staff managing Johnson Controls C-CURE 9000 access control systems. The risk applies to any facility using this system for badge readers, door locks, or entry point monitoring (banks, offices, hospitals, utilities, government buildings).
How it could be exploited
An attacker with network access to C-CURE 9000 (on the same subnet or connected network) can query the system to discover valid user account names without authentication, which could be used to prepare targeted attacks against the access control system.
Prerequisites
  • Network access to C-CURE 9000 on the local network segment
  • No authentication required
  • C-CURE 9000 version 2.90 or earlier
Tags: Low attack complexity · No authentication required · Affects access control systems · Impacts security/physical separation
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product        Affected Versions   Fix Status
C-CURE 9000    ≤ 2.90              2.90 SP5 or version 3.0
Remediation & Mitigation
Do now
HARDENING: Restrict network access to C-CURE 9000 to authorized IP ranges using firewall rules; do not expose the system to the business network or Internet
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update C-CURE 9000 2.90 to patch 2.90 SP5
HOTFIX: Upgrade C-CURE 9000 to version 3.0 or later
Long-term hardening
HARDENING: Apply the principle of least privilege to user accounts with access to the access control system