ICSA-24-065-01 · Published 2024-03-05 · View on CISA ICS-CERT ↗

Nice Linear eMerge E3-Series

CVSS 10.0 CRITICAL CISA KEV — Known Exploited

Risk Summary

Successful exploitation of these vulnerabilities could allow a remote attacker to gain full system access.

CVEs (12)

CVE-2019-7253 CVE-2019-7254 CVE-2019-7255 CVE-2019-7256 CVE-2019-7257 CVE-2019-7258 CVE-2019-7259 CVE-2019-7260 CVE-2019-7261 CVE-2019-7265 CVE-2019-7262 CVE-2019-7264

Remediations

Nice/Nortek encourages users to upgrade to the latest firmware to mitigate the risk of these vulnerabilities. Please see Nice's E3-Bulletin for more information.
Nice also recommends the following defensive measures to minimize the risk of exploitation of these vulnerabilities:
Minimize network exposure of devices, ensuring they are not accessible from the internet.
Place the devices behind firewalls and isolate them from other networks.
When remote access is required, use secure methods, such as Virtual Private Networks (VPNs). Keep your VPNs as updated as possible.
Change default credentials on the device.
Change the default IP address of the device.
See Nice's Telephone Entry Bulletin for additional information.
Users should contact Nice with any questions.

Affected Vendors

Nice

Affected Products (1)

Nice · Linear eMerge E3-Series <=1.00-06

Affected Sectors

Commercial Facilities

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more