{"id":193608,"date":"2022-06-10T05:16:00","date_gmt":"2022-06-10T07:16:00","guid":{"rendered":"https:\/\/teknomers.com\/fr\/des-chercheurs-revelent-des-failles-critiques-dans-le-systeme-de-controle-dacces-industriel-de-carrier\/"},"modified":"2022-06-10T05:16:01","modified_gmt":"2022-06-10T07:16:01","slug":"des-chercheurs-revelent-des-failles-critiques-dans-le-systeme-de-controle-dacces-industriel-de-carrier","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/des-chercheurs-revelent-des-failles-critiques-dans-le-systeme-de-controle-dacces-industriel-de-carrier\/","title":{"rendered":"Des chercheurs r\u00e9v\u00e8lent des failles critiques dans le syst\u00e8me de contr\u00f4le d&#8217;acc\u00e8s industriel de Carrier"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both\"><\/div>\n<p>Pas moins de huit vuln\u00e9rabilit\u00e9s zero-day ont \u00e9t\u00e9 r\u00e9v\u00e9l\u00e9es dans le syst\u00e8me de contr\u00f4le d&#8217;acc\u00e8s LenelS2 HID Mercury de Carrier, largement utilis\u00e9 dans les \u00e9tablissements de sant\u00e9, d&#8217;\u00e9ducation, de transport et gouvernementaux.<\/p>\n<p>&#8220;Les vuln\u00e9rabilit\u00e9s d\u00e9couvertes nous ont permis de d\u00e9montrer la capacit\u00e9 de d\u00e9verrouiller et de verrouiller les portes \u00e0 distance, de contourner les alarmes et de saper les syst\u00e8mes de journalisation et de notification&#8221;, ont d\u00e9clar\u00e9 Steve Povolny et Sam Quinn, chercheurs en s\u00e9curit\u00e9 chez Trellix, dans un rapport partag\u00e9 avec The Hacker News.<\/p>\n<p>Les probl\u00e8mes, en un mot, pourraient \u00eatre transform\u00e9s en armes par un acteur malveillant pour obtenir le contr\u00f4le total du syst\u00e8me, y compris la capacit\u00e9 de manipuler les serrures de porte.  L&#8217;un des bogues (CVE-2022-31481) comprend une faille d&#8217;ex\u00e9cution \u00e0 distance non authentifi\u00e9e qui est not\u00e9e 10 sur 10 pour la gravit\u00e9 sur le syst\u00e8me de notation CVSS.<\/p>\n<div class=\"ad_two clear\"><a rel=\"nofollow noopener\" href=\"https:\/\/go.thn.li\/backup-gitlab\" target=\"_blank\" title=\"DevOps backup\"><img loading=\"lazy\" decoding=\"async\" alt=\"La cyber-s\u00e9curit\u00e9\" class=\"lazyload\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2022\/05\/Fronton-un-botnet-IoT-russe-concu-pour-mener-des-campagnes.png\" width=\"300\" height=\"250\" \/><\/a><\/div>\n<p>D&#8217;autres lacunes pourraient conduire \u00e0 l&#8217;injection de commandes (CVE-2022-31479, CVE-2022-31486), au d\u00e9ni de service (CVE-2022-31480, CVE-2022-31482), \u00e0 la modification de l&#8217;utilisateur (CVE-2022-31484), et l&#8217;usurpation d&#8217;informations (CVE-2022-31485) ainsi que l&#8217;\u00e9criture arbitraire de fichiers (CVE-2022-31483).<\/p>\n<p><iframe loading=\"lazy\" title=\"Trellix Researchers Expose Zero Day Vulnerabilities in Industrial Control System\" width=\"640\" height=\"360\" src=\"https:\/\/www.youtube.com\/embed\/pxY4fo_vx54?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe><\/p>\n<p>LenelS2 est utilis\u00e9 dans des environnements pour accorder un acc\u00e8s physique \u00e0 des installations privil\u00e9gi\u00e9es et s&#8217;int\u00e9grer \u00e0 des d\u00e9ploiements d&#8217;automatisation de b\u00e2timent plus complexes.  Les panneaux d&#8217;acc\u00e8s HID Mercury suivants vendus par LenelS2 sont concern\u00e9s &#8211;<\/p>\n<ul>\n<li>LNL-X2210<\/li>\n<li>LNL-X2220<\/li>\n<li>LNL-X3300<\/li>\n<li>LNL-X4420<\/li>\n<li>LNL-4420<\/li>\n<li>S2-LP-1501<\/li>\n<li>S2-LP-1502<\/li>\n<li>S2-LP-2500, et<\/li>\n<li>S2-LP-4502<\/li>\n<\/ul>\n<div class=\"ad_two clear\"><a rel=\"nofollow noopener\" href=\"https:\/\/go.thn.li\/crowdsec-tour-d\" target=\"_blank\" title=\"CyberSecurity\"><img loading=\"lazy\" decoding=\"async\" alt=\"La cyber-s\u00e9curit\u00e9\" class=\"lazyload\" src=\"https:\/\/thehackernews.com\/new-images\/img\/b\/R29vZ2xl\/AVvXsEj6zHdXd3qpCksF0nkMkrjsOzaw-cxZGPHWoTEp9y7VPIeyPBFGsmIyIX8NTkqI1IDqnIXYnsZuIh4rc9f8TNUn7ndAZqtXc-t58X2oueTaL4Ijb4hgH-b183QvQ0ienXIipuOsqeLP5b8I2prKmp0RWvdZQgnKehVRKbqRQpin1JgfwlZeE_IB4EmesQ\/s1600\/crowdsec-728.jpg\" width=\"728\" height=\"90\" \/><\/a><\/div>\n<p>Trellix a not\u00e9 qu&#8217;en encha\u00eenant deux des faiblesses susmentionn\u00e9es, il a pu obtenir \u00e0 distance des privil\u00e8ges de niveau racine sur l&#8217;appareil et d\u00e9verrouiller et contr\u00f4ler les portes, renversant efficacement les protections de surveillance du syst\u00e8me.<\/p>\n<div class=\"separator\" style=\"clear: both\"><img decoding=\"async\" alt=\"\" border=\"0\" data-original-height=\"589\" data-original-width=\"728\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2022\/06\/1654845360_616_Des-chercheurs-revelent-des-failles-critiques-dans-le-systeme-de.jpg\" \/><\/div>\n<p>Co\u00efncidant avec la divulgation publique, un avis sur les syst\u00e8mes de contr\u00f4le industriel (ICS) de la US Cybersecurity and Infrastructure Security Agency (CISA), exhorte les utilisateurs \u00e0 mettre \u00e0 jour les panneaux d&#8217;acc\u00e8s au <a rel=\"nofollow noopener\" href=\"https:\/\/www.corporate.carrier.com\/product-security\/advisories-resources\/\" target=\"_blank\">derni\u00e8re version du micrologiciel<\/a> (CARR-PSA-006-0622).<\/p>\n<p>&#8220;L&#8217;exploitation r\u00e9ussie de ces vuln\u00e9rabilit\u00e9s pourrait permettre \u00e0 un attaquant d&#8217;acc\u00e9der \u00e0 l&#8217;appareil, permettant la surveillance de toutes les communications envoy\u00e9es vers et depuis l&#8217;appareil, la modification des relais int\u00e9gr\u00e9s, la modification des fichiers de configuration, l&#8217;instabilit\u00e9 de l&#8217;appareil et une condition de d\u00e9ni de service&#8221;, l&#8217;agence <a rel=\"nofollow noopener\" href=\"https:\/\/www.cisa.gov\/uscert\/ics\/advisories\/icsa-22-153-01\" target=\"_blank\">a dit<\/a> dans une alerte.<\/p>\n<p><\/p>\n<\/div>\n<p><br \/>\n<br \/><a href=\"https:\/\/thehackernews.com\/2022\/06\/researchers-disclose-critical-flaws-in.html\" rel=\"nofollow noopener\" target=\"_blank\">ttn-fr-57<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Pas moins de huit vuln\u00e9rabilit\u00e9s zero-day ont \u00e9t\u00e9 r\u00e9v\u00e9l\u00e9es dans le syst\u00e8me de contr\u00f4le d&#8217;acc\u00e8s LenelS2 HID Mercury de Carrier, largement utilis\u00e9 dans les \u00e9tablissements de sant\u00e9, d&#8217;\u00e9ducation, de transport et gouvernementaux. &#8220;Les vuln\u00e9rabilit\u00e9s d\u00e9couvertes nous ont permis de d\u00e9montrer la capacit\u00e9 de d\u00e9verrouiller et de verrouiller les portes \u00e0 distance, de contourner les alarmes [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":193610,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[76484,12848,4168,3976,5729,4158,4165,4161,7192,429,133,4806,7459,4157,4159,4171,4170,4167,4160,4163,4162,14397,4172,4169,2622,4166,4164],"class_list":["post-193608","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-carrier","tag-chercheurs","tag-comment-pirater","tag-controle","tag-critiques","tag-cyber-actualites","tag-cyber-attaques","tag-cyber-mises-a-jour","tag-dacces","tag-dans","tag-des","tag-failles","tag-industriel","tag-lactualite-de-la-cybersecurite","tag-lactualite-de-la-cybersecurite-aujourdhui","tag-lactualite-des-hackers","tag-la-securite-des-informations","tag-logiciel-malveillant-de-ransomware","tag-mises-a-jour-de-la-cybersecurite","tag-nouvelles-de-piratage","tag-nouvelles-de-pirates","tag-revelent","tag-securite-informatique","tag-securite-internet","tag-systeme","tag-violation-de-donnees","tag-vulnerabilite-logicielle"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/193608","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=193608"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/193608\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/193610"}],"wp:attachment":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media?parent=193608"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=193608"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=193608"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}