44 matches found
CVE-2021-47706 COMMAX Biometric Access Control System Authentication Bypass
COMMAX Biometric Access Control System 1.0.0 contains an authentication bypass vulnerability that allows unauthenticated attackers to access sensitive information and circumvent physical controls in smart homes and buildings by exploiting cookie poisoning. Attackers can forge cookies to bypass...
6 Reasons Occupancy Monitoring Is Key for Energy Efficiency
Today, with the world more conscious than ever about the conservation of energy, efficiency becomes even more critical...
Critical Flaws in Niagara Framework Threaten Smart Buildings and Industrial Systems Worldwide
Cybersecurity researchers have discovered over a dozen security vulnerabilities impacting Tridium's Niagara Framework that could allow an attacker on the same network to compromise the system under certain circumstances. "These vulnerabilities are fully exploitable if a Niagara system is...
Smart Buildings Energy Consumption Forecasting Using Adaptive Evolutionary Ensemble Learning Models
Smart buildings are gaining popularity because they can enhance energy efficiency, lower costs, improve security, and provide a more comfortable and convenient environment for building occupants. A considerable portion of the global energy supply is consumed in the building sector and plays a...
CVE-2013-0108
An ActiveX control in HscRemoteDeploy.dll in Honeywell Enterprise Buildings Integrator EBI R310, R400.2, R410.1, and R410.2; SymmetrE R310, R410.1, and R410.2; ComfortPoint Open Manager aka CPO-M Station R100; and HMIWeb Browser client packages allows remote attackers to execute arbitrary code vi...
Teen Behind Hundreds of Swatting Attacks Pleads Guilty to Federal Charges
Alan Filion, believed to have operated under the handle “Torswats,” admitted to making more than 375 fake threats against schools, places of worship, and government buildings around the United States...
10 years on from the Target breach. Has building cyber security improved?
It’s over a decade since the Target data breach. It was an event that reinforced the need for supply chain security reviews. It seems that much has changed since then, or has it? Has the security profile of the average connected building in the USA improved in that time period, be it retail,...
americansteelbuildings.com Improper Access Control vulnerability OBB-3791817
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
WordPress Martins Free & Easy SEO Link buildings Plugin < 1.2.30 is vulnerable to Cross Site Scripting (XSS)
Software: Martins Free & Easy SEO Link buildings; Type: Plugin; Vulnerable versions: 1.2.30; Fixed in: 1.2.30; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-5641; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: b26e0b25f0b1...
Martins Free & Easy SEO Link buildings < 1.2.30 - Reflected XSS
Description: The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. PoC: Make a logged-in admin open...
historicbuildings.us Cross Site Scripting vulnerability OBB-3765280
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Inside the World’s Biggest Hacker Rickroll
As a graduation prank, four high school students hijacked 500 screens across six school buildings to troll their classmates and teachers...
Schneider Electric SpaceLogic C-Bus Home Controller (5200WHC2) Remote Root
SpaceLogic.ps1: Schneider Electric SpaceLogic C-Bus Home Controller 5200WHC2 Remote Root Exploit; Vendor: Schneider Electric SE; Product web page: https://www.se.com https://www.se.com/ww/en/product/5200WHC2/home-controller-spacelogic-cbus-cbus-ip-free-standing-24v-dc/...
McMenamins Data Breach Affects 12 Years of Employee Info
A ransomware attack on the McMenamins dining and hospitality empire in the Pacific Northwest came along with a data breach covering 12 years of employee data, the organization has confirmed. The Dec. 12 incident – which some have attributed to the Conti gang – forced McMenamins to shut down vario...
Gallagher Command Centre Server Trust Management Issue Vulnerability
A security vulnerability exists in Gallagher Command Centre Server, a management system used by Gallagher New Zealand to monitor and manage infrastructure in buildings. The vulnerability stems from incorrect validation of the cloud certificate chain in Mobile Connect, which could be exploited by ...
Gallagher Command Centre Server Incorrect Privilege Authentication Vulnerability
Gallagher Command Centre Server is a management system used by Gallagher New Zealand to monitor and manage infrastructure in buildings. A security vulnerability exists in the COM interface of Gallagher Command Centre Server, which could be exploited by an attacker to retrieve sensitive informatio...
Gallagher Command Centre Server Trust Management Issue Vulnerability (CNVD-2021-101145)
A security vulnerability exists in Gallagher Command Centre Server, a management system used by Gallagher New Zealand to monitor and manage infrastructure in buildings, which stems from incorrect validation of the cloud certificate chain in the mobile client. An attacker could exploit the...
CVE-2021-41292
ECOA BAS controller suffers from an authentication bypass vulnerability. An unauthenticated attacker through cookie poisoning can remotely bypass authentication and disclose sensitive information and circumvent physical access controls in smart homes and buildings and manipulate HVAC...
Authentication flaw
ECOA BAS controller suffers from an authentication bypass vulnerability. An unauthenticated attacker through cookie poisoning can remotely bypass authentication and disclose sensitive information and circumvent physical access controls in smart homes and buildings and manipulate HVAC...