Executive Summary

Title S2 Security Linear eMerge Access Control System management component vulnerable to unauthenticated factory reset
Name VU#571629 First vendor Publication 2010-01-04
Vendor VU-CERT Last vendor Modification 2010-04-29
Severity (Vendor) N/A Revision M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score 5 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores


Vulnerability Note VU#571629

S2 Security Linear eMerge Access Control System management component vulnerable to unauthenticated factory reset


The S2 Security Linear eMerge Access Control System management console allows an unauthenticated attacker to perform a factory reset of the management system.

I. Description

Linear eMerge is an IP-enabled security management and access control system. The product is distributed by Linear LLC, however the product is created by the S2 Security Corporation. Linear eMerge has two types of components. The first is a Linux system that runs a web server and a database. This component is used to configure the access control system through the use of a web browser. The other component are the node controls, which operate building security hardware, such as locks, card readers, elevator buttons, motion detectors, etc.

The management component of eMerge can be reset to its factory configuration through the use of a specially crafted URI. No authentication is required. Once this happens, the management component will no longer be functional and will be taken off of the network because it will lose its IP address. If this happens, the node components will continue to operate, but in a standalone configuration. The nodes can continue to operate in this manner indefinitely.

The functionality of the management controller can be resumed by restoring a database backup, which is created automatically every night.

Software versions 2.5.x are reported to be affected.

II. Impact

By following a specially crafted URI, a local, unauthenticated attacker can cause a denial-of-service condition on the eMerge management controller. Note that this condition does not affect the operation of the node components.

III. Solution

Apply an update

This issue is addressed in an upgrade script for Linear eMerge. Please contact Linear for update availability.

Systems Affected

VendorStatusDate NotifiedDate Updated
Linear LLCVulnerable2009-10-212010-01-04
S2 SecurityVulnerable2009-10-282010-04-29




Thanks to Shawn Merdinger for reporting this vulnerability.

This document was written by Will Dormann.

Other Information

Date Public:2010-01-04
Date First Published:2010-01-04
Date Last Updated:2010-04-29
CERT Advisory: 
US-CERT Technical Alerts: 
Document Revision:17

Original Source

Url : http://www.kb.cert.org/vuls/id/571629

CPE : Common Platform Enumeration

Application 1

Open Source Vulnerability Database (OSVDB)

Id Description
61481 eMerge Management Component Crafted HTTP Request Remote DoS

eMerge Management Component contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker send a crafted HTTP request, and will result in loss of availability for the service.