Security researchers have found a zero-day vulnerability in a popular building controller used for managing various systems, including HVAC (heating, ventilation, and air conditioning), alarms, or pressure level in controlled environments. The vulnerability is now tracked as CVE-2019-9569 and is a buffer overflow that leads to remote code execution when properly exploited. More than 1,600 devices were discovered using the Shodan search engine, showing that an attacker could do damage from miles away. The security company recommends extending the security practices to all network devices: shielding them with a firewall, checking the traffic for abnormal activity.
Source: https://www.bleepingcomputer.com/news/security/hvacking-remotely-exploiting-bugs-in-building-control-systems/