February 2, 2026

Access System Flaws Enabled Hackers to Unlock Doors at Major European Firms

Researchers found 20+ vulnerabilities in dormakaba’s physical access control ecosystem (including the Exos central management software, an Access Manager device, and registration units used with keypads, fingerprint readers, or chip cards). The issues ranged from hardcoded credentials/keys and weak authentication to path traversal and command injection. In a worst-case scenario, an attacker could abuse these flaws to remotely unlock doors, extract access PINs, or pivot deeper into the organization’s environment. The impact is serious because these systems are used by large European enterprises, including industrial firms, energy providers, logistics, and airports.

Dormakaba said most real-world exploitation would require an attacker to already have some access to the customer’s network or hardware (i.e., “inside” the protected environment). However, SEC Consult also identified dozens of internet-exposed deployments that could have been reachable directly from the web, potentially enabling remote door control without a prior foothold in those specific cases. Dormakaba and SEC Consult ran a responsible disclosure process over roughly 18 months, resulting in multiple patches plus hardening guidance, and dormakaba stated it is not aware of active exploitation of these specific flaws.

Source: https://www.securityweek.com/access-system-flaws-enabled-hackers-to-unlock-doors-at-major-european-firms/
