So far we have tested five controllers for three companies and have another three in the hopper for the fall, he continued. The tests uncovered nine critical vulnerabilities, 42 warning notices, and seven informational notices, Byres said.
In addition, he continued, two of these vulnerabilities hard-faulted the application logic running in the CPU." [That would seem to mean the controller frozeed.]
Byres says he can't disclose the names of the companies, or model numbers of the controllers, but we know that the Honeywell controllers he tested passed. So, ask your vendor if their controller passed the BCIT security analysis and, if not, ask why not.
Byres presented on the results (minus the names) at the InfraGuard conference in Washington, D.C., in mid-August, and will give us more details on the results.