Claroty flags IP flaws in building management systems
Claroty has published research identifying security weaknesses in the CEA-852 standard, which is used to connect building management systems to IP networks. The findings focus on risks to systems used in critical infrastructure facilities.
Its Team82 research group identified vulnerabilities and design weaknesses in LonTalk's IP implementation that create remote attack paths into internet-exposed building management system gateway and server devices. According to the research summary, those weaknesses could allow attackers to disrupt building management services.
CEA-852 links legacy control networks with IP-based communications in building management and automation systems. As LonTalk deployments move from serial links to IP, more of that connectivity passes through the CEA-852 standard.
While the shift brings operational flexibility and interoperability, it also expands the attack surface. Exposing LonTalk over IP can introduce risks including unauthorised access, traffic manipulation and remote exploitation where security controls are weak or absent.
Gateway Risks
A central concern is the role of gateway and server devices that bridge protocols and device types across building environments. If an attacker compromises one of those gateways, the impact can spread beyond a single protocol.
In testing, the researchers demonstrated such a gateway compromise on EnOcean and Loytec devices. The summary says those servers can bridge and host multiple protocols and services, including BACnet, Modbus and HTTP, meaning a breach of one device could affect systems and sensors across a wider network.
Loytec is identified in the material as a building management systems provider used in facilities such as airports, hospitals and data centres in Australia. The company is part of Delta Electronics.
The research focuses on legacy protocols being brought online as building systems become more connected to mainstream IT environments. That convergence has intensified scrutiny of operational technology security in sectors that rely on continuous control of physical assets and services.
Undocumented Mechanisms
The investigation also uncovered undocumented authentication mechanisms in the CEA-852 standard and issues affecting some of its packet types. Those issues could lead to service disruption.
The exposure is not limited to LonTalk itself. Because gateway devices may connect several building and industrial protocols, a successful intrusion at that point could give an attacker access across a broader management environment.
That matters in facilities where building management systems handle essential functions such as monitoring, automation and control. In such settings, outages or manipulated traffic can affect operations well beyond the IT estate.
Building management systems have often relied on older communications methods and were not originally designed for internet exposure. As operators connect them to IP networks for visibility, remote management or integration with other systems, researchers and asset owners have increasingly examined the security trade-offs.
According to Claroty's summary, providers and operators relying on legacy protocols face greater risk once those environments are connected to IP networks. It identified unauthorised access, traffic manipulation and remote exploitation as the chief threats arising from that change.
The findings add to broader concern around operational technology environments in critical infrastructure, where older field protocols and newer enterprise connectivity increasingly intersect. Security specialists have warned that protocol translation points, internet-facing gateways and weak authentication controls can become focal points for attacks.
Claroty said: “During our research into LonTalk's IP implementation we discovered serious vulnerabilities and design weaknesses that create remote attack vectors capable of compromising BMS gateway/server devices exposed to the Internet.”
It added: “This is not only a LonTalk problem: once an attacker compromises a gateway (in our tests we demonstrated this on EnOcean and Loytec devices), they can manipulate the entire building-management ecosystem.”