Axis Communications says it has addressed a “vulnerability” in its A1001 network door controller after two employees of operational technology cybersecurity firm OTORIO uncovered what they called “a critical vulnerability” in the system.
The issue “involves the way (A1001) communicates, potentially exposing sensitive networks to unforeseen risks,” according to OTORIO’s complaint to the National Vulnerability Database.
“Such a flaw could pose a significant threat to facilities’ security and their internal IP networks,” the complaint says. “This discovery sheds light on potential risks to highly fortified OT networks, unintentionally blurring the line between physical and digital security.”
The exploit for this vulnerability, according to OTORIO, requires physical access to the RS-485 twisted pair cable situated at the rear of an access control reader, typically stationed at the entry of a secured facility or perimeter. OTORIO has also successfully demonstrated a tamper protection bypass, the company says.
