HID Global announced recently they were made aware of a cybersecurity vulnerabilities within firmware running on Mercury LP and EP4502 Intelligent Controllers. Please note that EP-1501/1502/2500 are not impacted by these vulnerabilities. These issues are being addressed in a firmware release and the EP-4502 firmware is currently available for download. LP firmware is to be available within the first full week of June.
- EP-4502 firmware can be found in this download link: EP-4502 fw 1.297
- LP firmware can be found in this download link: LP fw 1.30.3
Specifics on updating firmware within Access It! can be found in KB 110 Updating EP/LP Firmware.
More Information
While referencing a different company, this ISCA-22-153-01 advisory does apply to all Mercury-Security partners and contains additional information.
The vulnerabilities will also be discussed at the following conferences:
- Hardware.io - June 6-10
- Blackhat - August 6-11
