Nice Linear eMerge E3-Series
Act Now | CVSS 10 | ICS-CERT ICSA-24-065-01 | Mar 5, 2024
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Nice Linear eMerge E3-Series contains multiple critical vulnerabilities including path traversal (CWE-22), cross-site scripting (CWE-79), command injection (CWE-78), arbitrary file upload (CWE-434), broken access controls (CWE-863), and hardcoded credentials (CWE-798). These flaws allow a remote attacker without authentication to execute arbitrary code with system privileges and achieve full system compromise. The vulnerabilities affect firmware versions 1.00-06 and earlier. No patch has been released.
What this means
What could happen
An attacker with network access could gain full control of the eMerge E3 access control system, allowing them to unlock doors, disable security monitoring, or manipulate physical access to secured areas.
Who's at risk
Organizations operating Nice Linear eMerge E3-Series access control systems, commonly deployed in office buildings, data centers, secure facilities, and any location requiring badge-based or keypad entry. This includes security/facilities teams managing physical access to buildings.
How it could be exploited
An attacker can send a malicious request over the network to the eMerge E3 device without needing credentials or user interaction. The request exploits multiple vulnerabilities (path traversal, code injection, file upload, authentication bypass) to execute arbitrary commands on the device with system-level privileges.
Prerequisites
- Network reachability to the eMerge E3 device (typically port 80/443 for web access)
- No authentication required
- Device running firmware version 1.00-06 or earlier
- Remotely exploitable over the network
- No authentication required
- Low complexity attack
- Actively exploited in the wild (KEV)
- Extremely high exploit probability (94.4% EPSS)
- No patch available
- Affects physical security systems
- CVSS 10.0 (maximum severity)
Exploitability
Actively exploited — confirmed by CISA KEV
Affected products (1)
| Product | Affected Versions | Fix Status |
|---|---|---|
| Linear eMerge E3-Series | ≤ 1.00-06 | No fix (EOL) |
Remediation & Mitigation
Do now
- HARDENING: Do not expose the eMerge E3 device directly to the internet or untrusted networks
- HARDENING: Place the device behind a firewall and isolate it from other networks unless access is specifically required
- WORKAROUND: Change the default IP address of the device from factory defaults
- WORKAROUND: Change all default credentials on the device
- HARDENING: If remote access is required, restrict it to a VPN connection and keep VPN software updated
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Contact Nice/Nortek to inquire about firmware updates or end-of-life timeline for the E3-Series
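To decide which units get the "Do now" isolation steps first, the following added example (not part of the advisory or any vendor tooling) triages an asset inventory against the prerequisites above: firmware 1.00-06 or earlier, and web ports reachable from outside trusted networks. The inventory columns, the device rows, the `major.minor-build` firmware format and the use of RFC 1918 ranges as "trusted" are assumptions for illustration.

```python
import csv
import io
import ipaddress
import re

LAST_AFFECTED = (1, 0, 6)   # advisory: firmware 1.00-06 and earlier
WEB_PORTS = {80, 443}       # web access ports named in the prerequisites
# Assumption: RFC 1918 ranges stand in for this site's trusted networks.
TRUSTED = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed inventory; column names and rows (including the later build
# number on lab-e3) are hypothetical sample data.
SAMPLE = """name,firmware,allowed_sources,open_ports
lobby-e3,1.00-06,10.20.0.0/24,443
dc-e3,1.00-05,0.0.0.0/0,80;443
lab-e3,1.00-07,10.30.0.0/24,443
dock-e3,unknown,10.40.0.0/24;198.51.100.0/24,80
"""

def is_affected(firmware):
    """True if firmware <= 1.00-06; unparseable strings fail closed (True)."""
    m = re.fullmatch(r"(\d+)\.(\d+)-(\d+)", firmware.strip())
    if not m:
        return True
    return tuple(map(int, m.groups())) <= LAST_AFFECTED

def untrusted_sources(cidrs):
    """Return the allowed source networks that fall outside every trusted range."""
    nets = [ipaddress.ip_network(c) for c in cidrs.split(";") if c]
    return [str(n) for n in nets if not any(n.subnet_of(t) for t in TRUSTED)]

def triage(inventory_csv):
    """Map device name -> 'urgent', 'isolated-but-affected' or 'not-listed'."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        ports = {int(p) for p in row["open_ports"].split(";") if p}
        exposed = bool(ports & WEB_PORTS) and untrusted_sources(row["allowed_sources"])
        if not is_affected(row["firmware"]):
            results[row["name"]] = "not-listed"
        elif exposed:
            results[row["name"]] = "urgent"
        else:
            results[row["name"]] = "isolated-but-affected"
    return results

if __name__ == "__main__":
    for name, status in triage(SAMPLE).items():
        print(f"{name}: {status}")
```

Devices marked `isolated-but-affected` still run firmware with no fix, so they stay on the list for the credential and vendor-contact items.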
CVEs (12)