A+ office complex IoT pentest · 480 cameras + BMS + elevators · 14 critical findings · TSE approval
A newly built A+ office complex requested an acceptance test from DSET. CCTV (ONVIF, 480 Hikvision cameras), BMS (BACnet, HVAC + elevators + access control), 1,200 IoT devices. Rule: impact on elevators/HVAC/access control is FORBIDDEN (human safety). With passive analysis DSET reported 14 critical findings + IEC 62443 SL2 recommendations, and the TSE acceptance test was passed.
01 The Challenge
A cyber security acceptance test before the opening of a new A+ office complex. Hikvision DS-2CD2T47G2 firmware 2 years old (CVE-2021-36260 backdoor). BACnet/IP authentication: none (default, ASHRAE 135 insufficient). The elevator control panel had telnet open + admin/admin default. Human safety = impact forbidden.
02 DSET's Approach
T+0 · Device inventory
An inventory of 480 Hikvision cameras + 1,200 IoT devices. A risk map projecting 14 critical + 22 high + 38 medium findings.
T+1-6 days · Passive analysis
ONVIF + BACnet protocol analysis + read-only. Proof without impact for elevator safety. 14 critical findings (default credentials + firmware CVE + telnet).
T+10 days · Report + IEC 62443
An IEC 62443 SL2 target + ASHRAE 135 BACnet authentication. A board presentation was made to the building manager.