{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/physical-security/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["access-control","physical-security","vulnerability"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eA Reddit post highlights potential vulnerabilities within Paxton Net2 Access Control Units (ACUs). While the specifics of the vulnerabilities are not detailed in the Reddit post itself, the linked article allegedly describes how these flaws can be exploited to remotely unlock doors controlled by the Net2 system, potentially impacting prisons or other facilities using this access control technology. The potential for remote exploitation raises significant concerns about physical security bypass. Defenders should investigate their exposure to this product and monitor for anomalous network activity to or from these devices.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies a vulnerable Paxton Net2 ACU connected to the network.\u003c/li\u003e\n\u003cli\u003eAttacker leverages an unspecified vulnerability to gain unauthorized access to the ACU.\u003c/li\u003e\n\u003cli\u003eAttacker authenticates or bypasses authentication on the ACU to gain control.\u003c/li\u003e\n\u003cli\u003eAttacker sends a command to the ACU to unlock a specific door.\u003c/li\u003e\n\u003cli\u003eThe ACU executes the command, releasing the electronic lock on the door.\u003c/li\u003e\n\u003cli\u003eAttacker gains physical access through the unlocked door.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of these vulnerabilities could lead to unauthorized physical access to secured areas. In a prison setting, this could enable escapes and security breaches. Other facilities, such as data centers or government buildings, could also be at risk. The number of affected facilities is unknown.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eInvestigate internal usage of Paxton Net2 ACUs and determine firmware versions.\u003c/li\u003e\n\u003cli\u003eMonitor network traffic to and from Net2 ACUs for unexpected communications, as highlighted in the overview.\u003c/li\u003e\n\u003cli\u003eReview logs from Net2 ACUs for suspicious activity, if available, focusing on unusual unlock events.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule for unexpected user agents to detect reconnaissance activity targeting these devices.\u003c/li\u003e\n\u003cli\u003eBlock access to \u003ccode\u003ehttps://it4sec.substack.com/p/hacking-prison-doors-remotely-like\u003c/code\u003e at the web proxy, as this site may contain exploit information.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-03-19T22:15:35Z","date_published":"2026-03-19T22:15:35Z","id":"/briefs/2026-03-paxton-net2-vulns/","summary":"Vulnerabilities in Paxton Net2 Access Control Units (ACUs) could allow unauthorized remote access and control of secured doors, potentially affecting prisons and other high-security facilities.","title":"Vulnerabilities in Paxton Net2 Access Control Units","url":"https://feed.craftedsignal.io/briefs/2026-03-paxton-net2-vulns/"}],"language":"en","title":"CraftedSignal Threat Feed — Physical-Security","version":"https://jsonfeed.org/version/1.1"}