Carrier Block Load
Monitor | 7.8 | ICS-CERT ICSA-25-051-03 | Feb 20, 2025
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary
Carrier Block Load 4.16 contains an improper resource validation vulnerability (CWE-427) that allows a malicious actor to execute arbitrary code with escalated privileges on a local system. Successful exploitation requires user interaction, such as opening a malicious file. No patch is currently available from the vendor.
What this means
What could happen
An attacker could execute arbitrary code with escalated privileges on systems running Carrier Block Load, potentially allowing them to modify building automation or HVAC control logic.
Who's at risk
Facilities and building automation operators using Carrier Block Load for HVAC, temperature control, or facility management. This affects any organization running Block Load 4.16 on Windows workstations that interact with building control systems.
How it could be exploited
An attacker would need to deceive a user into opening a malicious file or executing a malicious command on a system where Block Load is installed. Once executed with user interaction, the attacker gains elevated privileges and can run arbitrary commands on the building automation or control system.
Prerequisites
- Local access to a system with Block Load installed
- User interaction required (user must open a malicious file or execute a malicious command)
- No authentication bypass needed
No patch available | Local code execution | Requires user interaction | Low exploit probability (0.8% EPSS)
Exploitability
Low exploit probability (EPSS 0.8%)
Affected products (1)
Product | Affected Versions | Fix Status
Block Load: 4.16 | 4.16 | No fix (EOL)
Remediation & Mitigation
Do now
- WORKAROUND: Restrict file execution and disable automatic script execution on Block Load workstations
- HARDENING: Train operators to avoid opening files or accepting commands from untrusted sources
Mitigations - no patch available
Block Load: 4.16 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
- HARDENING: Implement application whitelisting to prevent unauthorized code execution
- HARDENING: Isolate Block Load workstations on a separate network segment with restricted access to critical systems
CVEs (1)