Cisco Systems has warned of serious vulnerabilities in a device that connects
a building's ventilation, lighting, security, and energy supply systems so they
can be controlled by IT workers remotely.
The networking giant on Wednesday urged users of the Cisco Network Building
Mediator products to patch the vulnerabilities, which among other things allow
adversaries to obtain administrative passwords. No authentication is required to
read the system configuration files, making it possible for outsiders to take
control of a building's most critical control systems.