Nice Linear eMerge E3

Act Now | CVSS 9.8 | ICS-CERT ICSA-25-114-04 | Apr 24, 2025
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

A command injection vulnerability in Nice Linear eMerge E3 (version 1.00-07 and earlier) allows unauthenticated attackers to execute arbitrary operating system commands on affected devices via a network request. The vulnerability has a CVSS score of 9.8. Nice has not indicated plans to develop a patch. Defensive measures include network isolation, credential changes, and firewall restrictions.

What this means
What could happen
An attacker with network access to the eMerge E3 device could execute arbitrary operating system commands, potentially allowing them to alter access control settings, modify door unlock states, or disrupt facility security operations.
Who's at risk
Facilities managers and security teams responsible for access control systems, particularly those using Nice Linear eMerge E3 door controllers and credential readers at building entrances, data centers, or secure areas.
How it could be exploited
An attacker sends a specially crafted request to the eMerge E3 device over the network without needing credentials or user interaction. The device processes the request and executes arbitrary OS commands with the device's privilege level.
Prerequisites
  • Network access to the eMerge E3 device (typically port 80/443 for web interface)
  • No authentication required
remotely exploitable, no authentication required, low complexity, high EPSS score (60.2%), no patch available, affects security/access control systems
Exploitability
Likely to be exploited — EPSS score 60.2%
Public Proof-of-Concept (PoC) on GitHub (3 repositories)
Affected products (1)
Product | Affected Versions | Fix Status
Linear eMerge E3: <=1.00-07 | ≤ 1.00-07 | No fix (EOL)
Remediation & Mitigation
Do now
HARDENING: Restrict network access to the eMerge E3 device by placing it behind a firewall and blocking incoming connections from the internet and untrusted networks
HARDENING: Change the default credentials on the eMerge E3 device immediately
HARDENING: Change the default IP address of the eMerge E3 device to avoid easy discovery by attackers
HARDENING: Isolate the eMerge E3 device from other networks to prevent lateral movement if it is compromised
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HARDENING: If remote access to the eMerge E3 is required, implement a VPN connection and keep the VPN software updated
Long-term hardening
WORKAROUND: Monitor the Nice E3-Bulletin for any future security patches, as the vendor has not indicated a patch timeline

Nice Linear eMerge E3 | CVSS 9.8 - OTPulse