Vulnerability Management, Critical Infrastructure Security

Dormakaba access systems vulnerable to remote door unlocking

As detailed in Security Affairs, researchers have uncovered over 20 security flaws within Dormakaba's physical access control systems, potentially allowing unauthorized remote unlocking of doors at major organizations. These vulnerabilities were found in the exos 9300 product line, which is widely deployed across Europe.

The security flaws, including hardcoded credentials, weak passwords, and command injection, were identified by SEC Consult in the exos 9300 ecosystem, affecting central management software, access managers, and door controllers. These systems are used by thousands of customers, including energy firms, logistics companies, and airports. Researchers demonstrated that attackers could exploit these vulnerabilities to remotely open doors, reconfigure controllers, and steal sensitive data like access PINs. While Dormakaba stated that exploitation requires prior internal network access, some access managers were found to be directly exposed to the internet, particularly in Spain and the Netherlands, with web services and SOAP APIs publicly accessible.

The discovery of these critical vulnerabilities in Dormakaba's widely used access control systems highlights the significant risks associated with unsecured IoT devices in critical infrastructure. The vendor has spent 18 months developing patches and guidance, underscoring the lengthy process of securing legacy systems. This incident emphasizes the need for continuous security audits and robust patching strategies for physical access control systems, especially those managing high-security environments, to prevent potential breaches and ensure operational integrity.

Source: Security Affairs