CVE-2024-47255 2N CVE debrief

Who should care

Organizations deploying 2N Access Commander for physical access control and building security systems, particularly in critical infrastructure environments. Security teams managing OT/ICS networks and system administrators responsible for Access Commander deployments.

Technical summary

The vulnerability exists in 2N Access Commander versions 3.1.1.2 and earlier. A local attacker with existing high privileges can escalate to root permissions, enabling arbitrary code execution with full system control. The attack requires local access and high complexity, with no user interaction needed. Confidentiality impact is high, integrity impact is low, and availability impact is none per CVSS 3.1 scoring.

Defensive priority

medium

Recommended defensive actions

• Update 2N Access Commander to version 3.3 or later from the 2N download center
• Review 2N's security advisory for additional hardening guidance
• Apply principle of least privilege for local system access
• Monitor for anomalous privilege escalation attempts on Access Commander systems
• Segment Access Commander deployments from untrusted networks per CISA ICS recommended practices

Evidence notes

CISA ICS advisory ICSA-24-319-17 (Update A) documents this vulnerability with CVSS 3.1 vector AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:N. The advisory was initially published November 14, 2024 and modified February 11, 2025 to add new vulnerability information and update mitigations.

Official resources