'

Cisco patches flaws in building intelligence tools

Vulnerabilities in Network Building Mediator allow hackers to see passwords, intercept communications and modify configuration without admin privileges

Cisco has warned that its building intelligence products contain multiple vulnerabilities that could allow a hacker to take full control of vulnerable devices.

The company said the issues affect both Cisco-branded Network Building Mediator (NBM) products — the 2400 and 4800 — as well as the Richards-Zeta Mediator product. Cisco acquired the building intelligence products from Richards-Zeta in January 2009, and made the NBM products available in July 2009.

The products act as a bridge to connect heating, ventilation, cooling, lighting, electrical, security and renewable energy systems, by converting all the disparate protocols. The NBM then collects all the data from those systems and presents it in one interface. The suite is a key element of Cisco's Smart Connected Buildings range, which the company intends to help it win custom beyond the networking market.

The products are susceptible to bugs that allow an intruder to modify the device's configuration without the need for admin credentials or privileges. In addition, another flaw means that an attacker could get access to passwords and other user account details by reading an exposed system configuration file. The attack can be performed over XML RPC (remote procedure call) or XML RPC over HTTPS.

A third set of vulnerabilities "reflect the fact that sessions between an operator workstation and the Cisco Network Building Mediator are not protected against unauthorised interception", Cisco said in its advisory. "A malicious user able to intercept the sessions could learn any credentials used during intercepted sessions... and could subsequently take full control of the device."

In a security advisory released on Wednesday, Cisco urged customers to patch the products. It added that using HTTPS rather than HTTP would limit the number of vulnerabilities.

Taking full control of a NBM device could lead to a hacker gaining physical access to a building and access to CCTV images, one expert told ZDNet UK.

"It requires a sophisticated approach, but it is possible," Martin Voelk, a self-employed network consultant, said. "Video surveillance information could be retrieved. Unauthorised physical access could be a result."

Voelk added that IT departments should "separate the Mediator systems from the rest of the IP network until stable versions are available".

Cisco could not confirm the impact of the vulnerability at the time of writing.