Axis Door Controller Vulnerability Exposes Facilities to Physical, Cyber Threats

An Axis network door controller vulnerability can be exploited to target facilities, exposing them to both physical and cyber threats.

A potentially serious vulnerability affecting a network door controller made by Swedish security solutions provider Axis Communications can expose facilities to both physical and cyber threats. 

Axis offers network cameras and other physical security products that are used by government and private sector organizations around the world. 

The flaw, tracked as CVE-2023-21406 and rated ‘high severity’, is a heap-based buffer overflow impacting the Axis A1001 network door controller. The company has released patches and additional security improvements to address the vulnerability. 

The vendor and the US Cybersecurity and Infrastructure Security Agency (CISA) released advisories this week to inform organizations about the vulnerability, which is related to the Open Supervised Device Protocol (OSDP), an access control communications standard.

“A heap-based buffer overflow was found in the pacsiod process, which is handling the OSDP communication, allowing to write outside of the allocated buffer. By appending invalid data to an OSDP message it was possible to write data beyond the heap allocated buffer. The data written outside the buffer could be used to execute arbitrary code,” Axis said in its advisory.
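The failure mode in the advisory (extra bytes appended to an OSDP message landing past a heap buffer) is the one a receiver prevents by bounding every copy with the frame's own length field and the destination capacity. The C code below is an added example, not Axis code and not taken from the advisory; the function names and error codes are hypothetical, and the frame layout (SOM 0x53, little-endian LEN, CTRL bit 2 selecting a CRC-16 trailer) is assumed from the OSDP packet format rather than from this article.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define OSDP_SOM      0x53  /* start-of-message byte */
#define OSDP_HDR_LEN  5     /* SOM, ADDR, LEN_LSB, LEN_MSB, CTRL */
#define OSDP_CTRL_CRC 0x04  /* CTRL bit 2: 2-byte CRC trailer, else 1-byte checksum */

enum { OSDP_OK, OSDP_E_SHORT, OSDP_E_SOM, OSDP_E_LEN, OSDP_E_TRAILING,
       OSDP_E_TOO_BIG, OSDP_E_INTEGRITY };

/* CRC-16 with poly 0x1021, init 0x1D0F, MSB first (assumed OSDP parameters). */
uint16_t osdp_crc16(const uint8_t *p, size_t n) {
    uint16_t crc = 0x1D0F;
    while (n--) {
        crc ^= (uint16_t)(*p++ << 8);
        for (int i = 0; i < 8; i++)
            crc = (uint16_t)((crc & 0x8000) ? (crc << 1) ^ 0x1021 : crc << 1);
    }
    return crc;
}

/* Validate one received frame, then copy it into dst (capacity dst_cap).
 * rx_len is the number of bytes actually read from the RS-485 line. */
int osdp_accept_frame(const uint8_t *rx, size_t rx_len, uint8_t *dst, size_t dst_cap) {
    if (rx_len < OSDP_HDR_LEN + 2) return OSDP_E_SHORT;     /* header + cmd + checksum */
    if (rx[0] != OSDP_SOM) return OSDP_E_SOM;
    size_t declared = (size_t)rx[2] | ((size_t)rx[3] << 8); /* LEN is little-endian */
    size_t trailer = (rx[4] & OSDP_CTRL_CRC) ? 2 : 1;
    if (declared < OSDP_HDR_LEN + 1 + trailer) return OSDP_E_LEN;
    if (declared > rx_len) return OSDP_E_SHORT;             /* frame not complete */
    if (declared < rx_len) return OSDP_E_TRAILING;          /* bytes appended past LEN */
    if (declared > dst_cap) return OSDP_E_TOO_BIG;          /* would overflow dst */
    if (trailer == 2) {
        uint16_t want = (uint16_t)(rx[declared - 2] | (rx[declared - 1] << 8));
        if (osdp_crc16(rx, declared - 2) != want) return OSDP_E_INTEGRITY;
    } else {
        uint8_t sum = 0;
        for (size_t i = 0; i < declared - 1; i++) sum += rx[i];
        if ((uint8_t)(0 - sum) != rx[declared - 1]) return OSDP_E_INTEGRITY;
    }
    memcpy(dst, rx, declared);  /* copy the declared length, never rx_len */
    return OSDP_OK;
}
```

The checksum and CRC only catch line noise; anyone on the wire can compute them, so the length and capacity checks are what keep an oversized or padded frame out of the buffer.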

CISA said the impacted product is used by commercial facilities worldwide. 

Industrial cybersecurity firm Otorio, whose researchers discovered the vulnerability, told SecurityWeek that the issue was identified during a larger research project “focusing on assessing the security and potential risks emerging from advancements in access control readers and controllers”, particularly OSDP, which is assumed to be secure. 

The Axis controller vulnerability can be exploited by an attacker who has physical access to the RS-485 twisted pair cable located at the rear of an access control reader, which is typically stationed at the entry point of a secured facility or perimeter.

“We’ve also proven a tamper protection bypass for this scenario,” Otorio security research team leader Eran Jacob told SecurityWeek.

An attacker can exploit the vulnerability to open doors. They could also tamper with logs on the access controller to hide their tracks. 

An attacker can also exploit the flaw to achieve remote code execution on the internal access controller from outside the targeted facility. This can be done over the serial channel used for reader-controller communications.

“This vulnerability could potentially serve as a gateway to the internal IP network, even if highly segmented or air-gapped from the internet,” Jacob said. 

Otorio has also found other vulnerabilities as part of the same research project into access control products, and it has developed an OSDP assessment tool that it plans to release as open source in the future.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
