CVE-2023-7017 is a critical vulnerability classified under CWE-494 (Download of Code Without Integrity Check) affecting the Sciener Kontrol Lux smart lock firmware version 6.5.x. The vulnerability arises because the lock’s firmware update process over Bluetooth Low Energy (BLE) does not perform any authentication or integrity validation on the firmware image before applying it. An attacker within BLE range can send a crafted challenge request command to the lock, which the device interprets as a preparation for a firmware update rather than a legitimate unlock request. This flaw allows an attacker to push malicious firmware or commands to the lock, effectively compromising the device’s confidentiality, integrity, and availability. The CVSS v3.1 base score of 9.8 reflects the vulnerability’s high exploitability (network vector, no privileges or user interaction required) and severe impact (full control over the device). Although no exploits have been reported in the wild yet, the vulnerability’s nature and ease of exploitation make it a critical risk. The lack of firmware validation means attackers can bypass physical security controls, potentially gaining unauthorized access to premises secured by these locks. This vulnerability highlights the risks of insecure IoT device update mechanisms, especially in devices controlling physical access.

For European organizations, this vulnerability poses a significant risk to physical security infrastructure. Organizations using Sciener Kontrol Lux locks in offices, residential buildings, hotels, or critical facilities could face unauthorized entry if attackers exploit this flaw. The compromise of lock firmware could lead to permanent lock disablement, unauthorized access, or persistent backdoors allowing ongoing control. This undermines trust in IoT security devices and could result in data breaches, theft, or physical harm. The impact extends beyond individual organizations to supply chains and tenants relying on these locks. Given the critical severity and network-level exploitability, attackers do not need physical possession of the device, only proximity to BLE signals, increasing the attack surface in urban and densely populated areas. The lack of authentication in firmware updates also raises concerns about the security posture of IoT devices deployed in Europe, where GDPR and other regulations emphasize data and physical security.

Immediate mitigation involves restricting BLE access to trusted devices only, using BLE signal range limitation techniques, and disabling firmware updates over BLE until a patch is available. Organizations should monitor logs and device behavior for unusual update attempts or lock malfunctions. Since no official patch is currently available, contacting the vendor for guidance and timelines is critical. Once patches are released, prompt firmware updates must be applied to all affected devices. Additionally, organizations should consider deploying network segmentation and physical security controls to limit attacker proximity to BLE signals. Implementing multi-factor authentication for physical access and integrating locks with centralized security management platforms can provide additional layers of defense. Regular security audits of IoT devices and firmware update mechanisms should be conducted to detect similar vulnerabilities proactively.