Centralite Pearl Thermostat
Priority: Monitor · Score: 7.5 · ICS-CERT ICSA-23-299-02 · Oct 26, 2023
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
The Centralite Pearl Thermostat version 0x04075010 is vulnerable to a network-based denial of service attack (CWE-770: Allocation of Resources Without Limits or Throttling). An attacker can send specially crafted network requests that cause the thermostat to become unresponsive, disrupting HVAC control. Centralite has not responded to CISA requests to develop a patch and has stated no fix will be provided for this product version.
What this means
What could happen
An attacker can send specially crafted network requests to crash the Pearl Thermostat, disrupting HVAC control and potentially affecting building environmental management.
Who's at risk
Building facilities managers and HVAC system operators using Centralite Pearl Thermostat devices, particularly in buildings where HVAC outages could impact operations or occupant safety.
How it could be exploited
An attacker on the network sends malicious packets to the thermostat's network interface to trigger a denial of service condition, causing the device to become unresponsive.
Prerequisites
- Network access to the Pearl Thermostat on the same network segment
- No authentication required
- Attacker must be able to send network traffic to the device
Tags: Remotely exploitable · No authentication required · Low complexity attack · No patch available · Network denial of service
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product: Pearl Thermostat 0x04075010 · Affected versions: 0x04075010 · Fix status: No fix (EOL)
Remediation & Mitigation
Do now
- HARDENING: Restrict network access to the Pearl Thermostat using firewall rules; only allow connections from authorized building management systems or engineering workstations
- HARDENING: Isolate the thermostat control network from the business network and internet
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HARDENING: If remote access to the thermostat is required, deploy it behind a VPN and regularly update VPN software
Mitigations - no patch available
Pearl Thermostat 0x04075010 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
- HARDENING: Monitor network traffic to the thermostat for unusual activity or signs of exploitation attempts
CVEs (1)