Zero days and non-public vulnerabilities
https://www.bleepingcomputer.com/news/security/zero-day-vulnerabilities-leave-smart-buildings-open-to-cyber-attacks/
A team of researchers discovered six zero-day vulnerabilities in protocols and individual components used in smart buildings. The flaws could be used to steal sensitive information, access or delete critical files, or perform malicious actions.
The glitches range from cross-site scripting (XSS), and path traversal, to arbitrary file deletion, and authentication bypass. They were found in building automation devices such as programmable logic controllers (PLCs) and gateway protocols.