CyberData 011209 SIP Emergency Intercom
Act Now | CVSS 9.8 | ICS-CERT ICSA-25-155-01 | Jun 5, 2025
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
The CyberData 011209 SIP Emergency Intercom contains multiple vulnerabilities including missing authentication (CWE-306), lack of input validation (CWE-35), SQL injection (CWE-89), and plaintext credential storage (CWE-522). These allow unauthenticated remote attackers to disclose sensitive information including stored credentials, cause denial of service by crashing the intercom, or execute arbitrary code to manipulate device behavior. Successful exploitation could prevent emergency alert delivery during critical incidents.
What this means
What could happen
An attacker with network access to the intercom could read stored credentials and sensitive data, disrupt emergency communications, or run arbitrary commands on the device, potentially preventing critical alarm or evacuation notifications from reaching facility occupants.
Who's at risk
Facility emergency response coordinators and building operations staff who rely on SIP-based emergency intercoms for evacuation alerts, medical response, or mass notification. This affects any organization using CyberData 011209 intercoms installed in hospitals, schools, office buildings, manufacturing plants, or other critical facilities where emergency communications are essential.
How it could be exploited
An attacker on the network sends unauthenticated requests directly to the intercom's web interface or administrative ports (likely 80/443 or proprietary SIP ports). The attacker exploits missing input validation and authentication checks to inject commands, extract configuration files containing plaintext credentials, or crash the device.
Prerequisites
- Network access to the intercom (same network segment or routed path)
- No valid credentials required
- Device must be reachable on its management interface (web UI or administrative port)
- remotely exploitable
- no authentication required
- low complexity
- high CVSS (9.8)
- affects safety/emergency systems
- EPSS 0.3% but critical severity indicates real risk
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (1)
Product | Affected Versions | Fix Status
011209 SIP Emergency Intercom | <22.0.1 | 22.0.1
Remediation & Mitigation
Do now
HARDENING: Isolate intercom devices on a separate network segment restricted from general IT and guest networks; restrict access to administrative ports using firewall rules (deny external access to web management interface)
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Update 011209 SIP Emergency Intercom firmware to v22.0.1 or later
Long-term hardening
HARDENING: If remote administration is required, implement VPN access with multi-factor authentication and restrict to authorized engineering personnel only
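
An added example (not part of the advisory and not CyberData tooling): a small inventory audit that applies two checks implied by the remediation steps above, firmware at or above 22.0.1 and a management address inside an isolated segment. The inventory rows, the 10.50.0.0/24 segment and all function names are constructed assumptions.

```python
import ipaddress
import re

FIXED_VERSION = (22, 0, 1)  # first fixed firmware per the advisory

# Assumption: segments the site has dedicated to intercoms (constructed value).
ISOLATED_SEGMENTS = [ipaddress.ip_network("10.50.0.0/24")]


def parse_version(text):
    """Turn 'v22.0.1' or '22.1' into a comparable tuple, padded to 3 parts."""
    parts = re.findall(r"\d+", text)
    if not parts:
        raise ValueError(f"unparseable firmware version: {text!r}")
    nums = [int(p) for p in parts[:3]]
    return tuple(nums + [0] * (3 - len(nums)))


def audit_device(device):
    """Return findings for one inventory row (empty list means compliant)."""
    findings = []
    try:
        if parse_version(device["firmware"]) < FIXED_VERSION:
            findings.append("firmware below 22.0.1: schedule update")
    except ValueError:
        findings.append("firmware version unknown: verify manually")
    addr = ipaddress.ip_address(device["ip"])
    if not any(addr in net for net in ISOLATED_SEGMENTS):
        findings.append("management address outside isolated segment")
    return findings


# Constructed sample inventory, not real devices.
INVENTORY = [
    {"name": "lobby", "ip": "10.50.0.11", "firmware": "v22.0.1"},
    {"name": "dock", "ip": "10.50.0.12", "firmware": "21.4.0"},
    {"name": "gym", "ip": "192.168.1.40", "firmware": "22.1"},
    {"name": "lab", "ip": "10.50.0.13", "firmware": "unknown"},
]


def audit(inventory):
    """Map device name -> findings, listing only devices that need action."""
    report = {d["name"]: audit_device(d) for d in inventory}
    return {name: f for name, f in report.items() if f}


if __name__ == "__main__":
    print(audit(INVENTORY))
```

An unparseable version string is reported for manual verification rather than treated as patched, so gaps in the inventory do not hide an unpatched device.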