The McAfee Advanced Threat Research team discovered a zero-day vulnerability in the Delta Controls enteliBUS Manager, or eBMGR, a popular building controller used for managing HVAC in data centers, access control to buildings, pressure rooms in hospitals, and more.
This video illustrates the devastating impact of the unpatched vulnerability, showing both normal functionality of the target system and full attack chain, raising the temperature to dangerous levels, disabling critical alarms and even faking the controller into thinking it is operating normally.