Menu

React, etc. Tech Stack

React, Flux, GraphQL, Hack, HHVM...? All of this and more!

Vulnerabilities in elevator control system disclosed

Multinational elevator and escalator manufacturer KONE has revealed that it's control system was found to contain serious vulnerabilities. On September fifth, the company disclosed a series of vulnerabilities in it's KONE Group Controller (KGC) software.

The KGC is a controller device that manages a group of elevators in a building. The device is installed into the machine room hosting the rest of the control and operation of elevators. The KGCs purpose is to optimise the use of elevators, by controlling the traffic of elevators.

The company stated four individual vulnerabilities were found and disclosed:

The KGC is in auxiliary tool which is not an essential component in elevator controls, and thus the vulnerabilities have no direct control over elevators connected to a compromised device. However, KONE states that if a vulnerable device is exploited, malicious parties could:

The company has completed a safety risk assessment of the vulnerability based on elevator safety standards.

More details in the disclosure: Vulnerabilities in KONE Group Controller (KGC)

Written by Jorgé on Wednesday September 12, 2018

Permalink -

« wget2 adds HTTP/2 downloads, brotli compression and IPv6