Outbreak Alert

Nice Linear eMerge Command Injection Vulnerability

Released: Mar 26, 2024

Updated: Mar 27, 2024

Download PDF »

Nice Linear eMerge Attack

Medium Severity

OT/ICS Type

Watch Video

Industrial access control system- Patch now

The vulnerability tracked as CVE-2019-7256 affecting an access control system called Linear eMerge E3-Series is affected by an OS command injection flaw that could allow an attacker to cause remote code execution and full access to the system. Learn More »

Common Vulnerabilities and Exposures

CVE-2019-7256

Background

The Nice Linear eMerge E3-Series is a popular access control system used in various commercial and industrial environments worldwide which emphasize the importance of the potential widespread impact of this vulnerability specially when the expoloit has been publicly available. CVE-2019-7256 received a severity score of 10/10, and can be exploited remotely with low complexity.

Threat Radar Overall Score:

	CVSS Rating	10.0
	FortiRecon Score	92/100
	Known Exploited	Yes
	Exploit Prediction Score	97.44%
	FortiGuard Telemetry	10636

Latest Development

Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.

March 05, 2024: CISA released an ICS advisory relating to multiple vulnerabilities affecting Nice Linear eMerge E3-Series including CVE-2019-7256 which is exploited in the wild.
https://www.cisa.gov/news-events/ics-advisories/icsa-24-065-01

March 25, 2024: CISA added CVE-2019-7256 to its known expoited catalog
https://www.cisa.gov/known-exploited-vulnerabilities-catalog

March 26, 2024: FortiGuard Labs continue to see attack attempts targeting the CVE-2019-7256 and has an existing IPS signature to block any attack attempts, however, it is recommended to apply firmware patch as recommended by the vendor to mitigate any risks fully.

Since January of this year, the IPS signature designed to safeguard against CVE-2019-7256 has been intercepting attack attempts, blocking such incidents on around 1000 distinct IPS devices daily.

FortiGuard Cybersecurity Framework

Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.

PROTECT

Lure
Decoy VM
IPS
IoT/IIoT Virtual Patch

DETECT

Outbreak Detection
Threat Hunting
Playbook

RESPOND

Assisted Response Services
Automated Response

RECOVER

NOC/SOC Training
End-User Training

IDENTIFY

Attack Surface Hardening
Inventory Management
Business Reputation

Threat Intelligence

Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.

Loading ...

References

Sources of information in support and relation to this Outbreak and vendor.

CISA Advisory

Learn More »

Security Week

Learn More »

Medium

Learn More »

About FortiGuard Outbreak Alerts

Learn More »

News/Research

Research Center

PSIRT Center

Services

By Outbreak

By Solution

By Product

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

Threat Intelligence Center

Resource Center

About

FortiGuard Labs

Partners

Outbreak Alert

Nice Linear eMerge Command Injection Vulnerability

Industrial access control system- Patch now

Common Vulnerabilities and Exposures

Background

Threat Radar Overall Score: 4.4

Latest Development

FortiGuard Cybersecurity Framework

Threat Intelligence

Indicators of compromise IOC Threat Activity

References

CISA Advisory

Security Week

Medium

About FortiGuard Outbreak Alerts

Threat Intelligence
Center

Threat Radar Overall Score:

Indicators of compromise
IOC Threat Activity