Nice Linear eMerge E3

Act Now9.8ICS-CERT ICSA-25-114-04Apr 24, 2025

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

The Linear eMerge E3 physical access control device contains a critical vulnerability (CWE-78: Improper Neutralization of Special Elements used in an OS Command) that allows unauthenticated remote attackers to execute arbitrary operating system commands. The vulnerability affects all versions up to and including firmware version 1.00-07. Nice has not indicated whether or when a patch will be developed. Successful exploitation could allow an attacker to take control of the access control system, potentially disabling door locks, modifying access permissions, or disabling security alarms.

What this means

What could happen

An attacker with network access to the Linear eMerge E3 device could execute arbitrary commands on it, potentially allowing them to modify door lock settings, disable alarms, or compromise the integrity of physical access control throughout your facility.

Who's at risk

This affects any organization using the Linear eMerge E3 physical access control system, including facility managers, security teams, and IT staff at corporate offices, data centers, government facilities, hospitals, schools, and utilities. The eMerge E3 is a networked door and access control device, so compromise affects building security and could allow unauthorized entry to critical areas.

How it could be exploited

An attacker can send a malicious network request to the exposed eMerge E3 device without authentication to execute arbitrary OS commands. The command execution happens directly on the device's underlying operating system, giving the attacker control over the access control system's behavior.

Prerequisites

Network access to the Linear eMerge E3 device over the internet or from an internal network
No authentication required
Device must be running firmware version 1.00-07 or earlier

Remotely exploitableNo authentication requiredLow attack complexityArbitrary code execution capabilityHigh EPSS score (60.2%)No patch available from vendorDefault credentials present on devices

Exploitability

High exploit probability (EPSS 60.2%)

Affected products (1)

ProductAffected VersionsFix Status

Linear eMerge E3: <=1.00-07≤ 1.00-07No fix (EOL)

Remediation & Mitigation

0/7

Do now

0/5

WORKAROUNDImmediately isolate the Linear eMerge E3 device from the internet and from any network segment that connects to the internet

HARDENINGPlace the device behind a firewall and restrict access to it to only authorized administrative IP addresses or subnets

HARDENINGChange the default credentials (username and password) on the device before reconnecting to any network

HARDENINGChange the default IP address of the device to something unique and non-standard within your network

HARDENINGIf remote access to the device is required, configure a VPN tunnel and ensure the VPN client and server are fully patched and up-to-date

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

WORKAROUNDContact Nice to request information on patch availability and timeline, or notify them if you are affected by exploitation attempts

HARDENINGMonitor the device for unauthorized access attempts and unexpected configuration changes using logs or network monitoring if available

CVEs (1)

CVE-2024-9441

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/09e88f1d-78de-44ca-9cc9-b3688d277ee7