CVE-2024-10534 Overview
CVE-2024-10534 is an Origin Validation Error [CWE-346] affecting Dataprom Informatics Personnel Attendance Control Systems (PACS) and Access Control Security Systems (ACSS). The vulnerability allows an adjacent-network attacker to inject traffic into the access control communication channel because the system does not properly validate the source of incoming requests. Successful exploitation impacts the confidentiality, integrity, and availability of the access control infrastructure and the systems it protects. The issue affects all PACS/ACSS versions released before 2024. Turkey's national CERT (USOM) published advisory TR-24-1856 documenting the flaw.
Critical Impact
An attacker on an adjacent network can inject unauthenticated traffic into Dataprom PACS/ACSS deployments, potentially manipulating attendance records, bypassing physical access controls, and compromising downstream security systems.
Affected Products
- Dataprom Personnel Attendance Control Systems (PACS), versions before 2024
- Dataprom Access Control Security Systems (ACSS), versions before 2024
- Deployments exposing PACS/ACSS endpoints on adjacent or shared network segments
Discovery Timeline
- 2024-11-15 - CVE-2024-10534 published to NVD
- 2024-11-19 - Last updated in NVD database
- USOM TR-24-1856 - Turkish national CERT security notification released
Technical Details for CVE-2024-10534
Vulnerability Analysis
The vulnerability is classified as an Origin Validation Error [CWE-346]. Dataprom PACS/ACSS components accept network traffic without sufficiently verifying that requests originate from a trusted source. An adjacent attacker can craft messages that the system processes as if they came from a legitimate controller, reader, or management host. Because PACS/ACSS platforms govern personnel attendance and physical access enforcement, injected traffic can directly affect door controllers, attendance databases, and audit trails. The CVSS 4.0 vector records low privileges and user interaction as required; beyond a position on the same network segment as the target, the advisory documents no further preconditions.
Root Cause
The root cause is missing or insufficient origin verification in the network protocol used between PACS/ACSS components. The public advisory does not describe the protocol internals; what the CWE-346 classification establishes is that the receiving side does not bind requests to an authenticated sender identity, for example through message authentication codes or signatures, mutual TLS, or strict source filtering. Any host reachable on the adjacent network can therefore generate commands or status updates that are accepted as genuine.
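The following is an added illustration, not Dataprom code and not a description of the actual PACS/ACSS wire protocol (which is not public). It contrasts the CWE-346 pattern, where a receiver trusts a sender identity the attacker fills in, with a receiver that binds each frame to a keyed device identity and a monotonic sequence number. The JSON framing, field names, device identifiers and pre-shared keys are assumptions chosen for the example.

```python
"""Added example (not Dataprom code): the CWE-346 acceptance pattern beside a
receiver that verifies message origin with a per-device HMAC and rejects
replays.  Wire format, field names and keys are assumptions for illustration."""
import hashlib
import hmac
import json
import struct
from typing import Optional

# Assumed pre-shared keys per registered device; a real deployment would
# provision these out of band (or use mutual TLS instead of a MAC).
DEVICE_KEYS = {
    "door-ctl-01": b"door-ctl-01-secret-key",
    "mgmt-srv": b"mgmt-srv-secret-key",
}
TAG_LEN = 32  # SHA-256 HMAC


def encode_unauthenticated(src_id: str, seq: int, cmd: dict) -> bytes:
    """Vulnerable pattern: the frame merely names a known sender."""
    return json.dumps({"src": src_id, "seq": seq, "cmd": cmd}).encode()


def accept_unauthenticated(frame: bytes) -> Optional[dict]:
    """Vulnerable receiver: the only 'origin check' is a string comparison on
    a caller-supplied field, so any host on the segment can be 'mgmt-srv'."""
    msg = json.loads(frame)
    if msg.get("src") in DEVICE_KEYS:
        return msg["cmd"]
    return None


def encode_authenticated(src_id: str, seq: int, cmd: dict, key: bytes) -> bytes:
    """Hardened sender: length-prefixed body followed by an HMAC over
    sender id, sequence number and command (canonical JSON)."""
    body = json.dumps({"src": src_id, "seq": seq, "cmd": cmd},
                      sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return struct.pack("!H", len(body)) + body + tag


class AuthenticatedReceiver:
    """Hardened receiver: the MAC is checked with the key bound to the claimed
    sender, and sequence numbers must strictly increase per sender."""

    def __init__(self, keys: dict):
        self.keys = keys
        self.last_seq = {}

    def accept(self, frame: bytes) -> Optional[dict]:
        if len(frame) < 2 + TAG_LEN:
            return None
        (blen,) = struct.unpack("!H", frame[:2])
        body, tag = frame[2:2 + blen], frame[2 + blen:]
        if len(body) != blen or len(tag) != TAG_LEN:
            return None
        try:
            msg = json.loads(body)
        except ValueError:
            return None
        key = self.keys.get(msg.get("src"))
        if key is None:
            return None
        expected = hmac.new(key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):  # constant-time compare
            return None
        seq = msg.get("seq")
        if not isinstance(seq, int) or seq <= self.last_seq.get(msg["src"], -1):
            return None  # replayed or reordered frame
        self.last_seq[msg["src"]] = seq
        return msg["cmd"]


def demo() -> dict:
    """Runs a forged frame through both receivers; every value should be True."""
    unlock = {"op": "unlock", "door": 3}
    forged = encode_unauthenticated("mgmt-srv", 7, unlock)
    rx = AuthenticatedReceiver(DEVICE_KEYS)
    genuine = encode_authenticated("mgmt-srv", 1, unlock, DEVICE_KEYS["mgmt-srv"])
    wrong_key = encode_authenticated("mgmt-srv", 2, unlock, b"attacker-guess")
    return {
        "vulnerable_accepts_forgery": accept_unauthenticated(forged) is not None,
        "hardened_accepts_genuine": rx.accept(genuine) is not None,
        "hardened_rejects_wrong_key": rx.accept(wrong_key) is None,
        "hardened_rejects_replay": rx.accept(genuine) is None,
    }


if __name__ == "__main__":
    print(demo())
```

The sequence check matters as much as the MAC: without it an adjacent attacker who captures one genuine unlock frame can replay it indefinitely, which is still traffic injection even though no key was compromised.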
Attack Vector
Exploitation requires Adjacent Network access, meaning the attacker must reside on the same broadcast or routed segment as a vulnerable PACS/ACSS endpoint. From that position, an attacker injects forged control messages, attendance events, or door-state updates. Possible outcomes include unauthorized door unlocks, falsified time-and-attendance records, suppression of legitimate alerts, and lateral movement into connected security management systems.
No verified public exploit code is available: no proof-of-concept is indexed in Exploit-DB, and the CVE is not listed in the CISA Known Exploited Vulnerabilities catalog (which tracks confirmed in-the-wild exploitation rather than proof-of-concept availability). Refer to the USOM Security Notification TR-24-1856 for vendor-coordinated technical details.
Detection Methods for CVE-2024-10534
Indicators of Compromise
- Unexpected attendance entries or door-access events recorded outside business hours or for absent personnel
- PACS/ACSS log entries showing commands from MAC or IP addresses not assigned to registered controllers
- Repeated malformed or duplicated protocol frames on the access control VLAN
Detection Strategies
- Inspect network traffic on access control segments for messages whose source addresses do not match the authorized controller inventory
- Correlate physical access events with badge-reader telemetry and identity events to surface mismatches indicating injected traffic
- Alert on protocol anomalies such as out-of-sequence commands, unexpected command opcodes, or traffic from non-allowlisted hosts
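The checks in the two lists above, run over constructed sample log lines as an added example (this is not Dataprom code, and the line format, the controller inventory and the site hours are assumptions; map them to the fields of the real PACS/ACSS log export). The script flags traffic from non-inventoried sources, sequence regressions from a known source, door unlocks with no preceding badge read on that door, and activity outside business hours.

```python
"""Added example (not Dataprom code): detection checks for injected access
control traffic, run over constructed sample log lines.  The log format,
AUTHORIZED_SOURCES and BUSINESS_HOURS are assumptions for illustration."""
from datetime import datetime, time

# Assumed inventory of registered controllers and the management server.
AUTHORIZED_SOURCES = {"10.20.30.11", "10.20.30.12", "10.20.30.2"}
BUSINESS_HOURS = (time(7, 0), time(20, 0))
CORRELATION_WINDOW_S = 5  # max seconds between badge read and unlock

# Constructed sample lines: timestamp, source IP, event, door, seq, badge.
SAMPLE_LOG = """\
2024-11-18T08:02:11 10.20.30.11 BADGE_READ door=1 seq=101 badge=E1234
2024-11-18T08:02:12 10.20.30.11 DOOR_UNLOCK door=1 seq=102 badge=E1234
2024-11-18T08:05:40 10.20.30.77 DOOR_UNLOCK door=2 seq=900 badge=-
2024-11-18T08:06:03 10.20.30.12 DOOR_UNLOCK door=3 seq=210 badge=-
2024-11-18T23:41:09 10.20.30.12 ATTENDANCE_IN door=3 seq=211 badge=E5678
2024-11-18T23:42:00 10.20.30.12 DOOR_UNLOCK door=3 seq=205 badge=E5678
"""


def parse(line: str) -> dict:
    """Parses one sample line into a record; seq is numeric, the rest strings."""
    ts, src, event, *kv = line.split()
    rec = {"ts": datetime.fromisoformat(ts), "src": src, "event": event}
    for item in kv:
        key, value = item.split("=", 1)
        rec[key] = int(value) if key == "seq" else value
    return rec


def analyze(log_text: str) -> list:
    """Returns (line_no, finding, detail) tuples for every suspicious record."""
    records = [parse(l) for l in log_text.splitlines() if l.strip()]
    findings = []
    last_seq = {}
    for i, r in enumerate(records):
        line_no = i + 1
        # 1. Traffic from a host that is not a registered controller.
        if r["src"] not in AUTHORIZED_SOURCES:
            findings.append((line_no, "unauthorized_source", r["src"]))
        # 2. Sequence number going backwards for a known source (replay/injection).
        prev = last_seq.get(r["src"])
        if prev is not None and r["seq"] <= prev:
            findings.append((line_no, "sequence_regression", f'{prev}->{r["seq"]}'))
        last_seq[r["src"]] = r["seq"] if prev is None else max(prev, r["seq"])
        # 3. Unlock with no badge read on the same door inside the window.
        if r["event"] == "DOOR_UNLOCK":
            matched = any(
                p["event"] == "BADGE_READ" and p["door"] == r["door"]
                and 0 <= (r["ts"] - p["ts"]).total_seconds() <= CORRELATION_WINDOW_S
                for p in records[:i]
            )
            if not matched:
                findings.append((line_no, "unlock_without_badge_read", r["door"]))
        # 4. Any activity outside business hours.
        if not (BUSINESS_HOURS[0] <= r["ts"].time() <= BUSINESS_HOURS[1]):
            findings.append((line_no, "outside_business_hours", r["ts"].isoformat()))
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
```

Line 6 of the sample triggers three checks at once (sequence regression, unlock without a badge read, and an off-hours event); in practice it is that coincidence across independent sources, not any single rule, that separates injected traffic from ordinary controller noise.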
Monitoring Recommendations
- Forward PACS/ACSS audit logs and network flow data to a centralized SIEM for cross-source correlation
- Establish a baseline of normal controller-to-server communication patterns and alert on deviations
- Monitor switch port and ARP tables on access control VLANs for unauthorized device connections
How to Mitigate CVE-2024-10534
Immediate Actions Required
- Inventory all Dataprom PACS/ACSS installations and identify versions released before 2024
- Restrict access control network segments using VLAN isolation and strict ACLs that permit only authorized management hosts
- Review recent attendance and access logs for anomalous events that may indicate prior exploitation
Patch Information
Dataprom addressed the issue in PACS/ACSS releases from 2024 onward. Upgrade affected deployments to a fixed version as coordinated with the vendor, and confirm the fixed version against the USOM Security Notification TR-24-1856 and Dataprom's own release information before treating a deployment as remediated.
Workarounds
- Place PACS/ACSS controllers and servers on a dedicated, firewalled management VLAN with no general user access
- Enforce port security, 802.1X, or MAC allowlisting on switches serving access control devices to block rogue endpoints
- Require VPN or jump-host access for any administrative connection to PACS/ACSS management interfaces
- Treat IP and MAC allowlists as compensating controls only: a host that has already reached the same segment can spoof a trusted address, so the vendor update remains the fix
# Example: restrict PACS/ACSS management traffic to authorized hosts only
# Replace the interface, the management subnet and the service port with values
# matching the local deployment; tcp/443 is an assumption, not a vendor-documented port
iptables -A INPUT -i eth1 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i eth1 -s 10.20.30.0/28 -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -i eth1 -p tcp --dport 443 -j DROP
iptables -A INPUT -i eth1 -m pkttype --pkt-type broadcast -j DROP
# Verify rule order and watch the DROP counters for injection attempts
iptables -L INPUT -v -n --line-numbers
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.


