Multiple Zero-Day Vulnerabilities Discovered by Tenable Research in Building Access Technology
Today’s modern enterprise has an extremely complex digital infrastructure comprised of both traditional and modern assets — from workstations and on-premises servers to building security systems and smart devices. This level of complexity has made it increasingly difficult for security teams to establish secure networks in dynamic enterprise environments. The PremiSys zero-days are a stark reminder that the mass adoption of emerging technologies has quickly blurred the lines between physical and digital security. This discovery comes just a few months after
PremiSys technology allows customers to grant and restrict access to doors, lockdown facilities and view integrated video. Once exploited, the most severe flaw would give cybercriminals administrator access to the entire badge system database via the
“The digital era has brought the cyber and physical worlds together thanks, in part, to the adoption of IoT. An organization’s security purview is no longer confined by a firewall, subnets, or physical perimeter — it’s now boundaryless. This makes it critically important for security teams to have complete visibility into where they are exposed and to what extent,” said Renaud Deraison, co-founder and chief technology officer, Tenable. “Unfortunately, many manufacturers in the new world of IoT don’t always understand the risks of unpatched software, leaving consumers and enterprises vulnerable to a cyber attack. In this case, organizations that use PremiSys for access control are at a huge risk as patches are not available. Beyond this particular issue, the security industry needs to have a wider dialogue about embedded systems and their maintainability over time. The complexity of the digital infrastructure is increasing, and so is its maintenance. We need vendors to be committed to delivering security patches in a timely manner, and in a fully automated way.
For more information, read the Tenable Research Advisory blog post.
About Tenable
Tenable®, Inc. is the Cyber Exposure company. Over 24,000 organizations around the globe rely on Tenable to understand and reduce cyber risk. As the creator of Nessus®, Tenable extended its expertise in vulnerabilities to deliver Tenable.io®, the world’s first platform to see and secure any digital asset on any computing platform. Tenable customers include more than 50 percent of the Fortune 500, more than 25 percent of the Global 2000 and large government agencies. Learn more at tenable.com.
Contact Information:
Tenable
tenablepr@tenable.com
443-545-2102, x 1544
Source: Tenable Holdings, Inc.