ABB Ability Camera Connect Vulnerabilities in outdated 3rd party component (VLC)
Act Now | 9.8 | 4hzm000603 | Nov 27, 2025
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
ABB Ability Camera Connect versions 1.5.0.14 and below include VLC media player version 2.2.4, which contains multiple vulnerabilities in buffer handling, integer operations, and memory management (CWE-122, CWE-191, CWE-787, CWE-427, CWE-190, CWE-193, CWE-125, CWE-415, CWE-119, CWE-416). These vulnerabilities could allow remote code execution without authentication or user interaction.
What this means
What could happen
An attacker could remotely execute arbitrary code on a system running Ability Camera Connect, potentially gaining full control of the camera system and the device it runs on. This could disrupt surveillance operations or be used as a pivot point to access other facility networks.
Who's at risk
Water and electric utilities using ABB Ability Camera Connect for facility surveillance or perimeter monitoring, particularly those running versions 1.5.0.14 and earlier. This affects surveillance infrastructure that integrates with ABB's monitoring systems.
How it could be exploited
An attacker could craft a malicious media file or stream that exploits buffer overflow, integer overflow, or use-after-free vulnerabilities in the bundled VLC 2.2.4 component. When Camera Connect processes this file (e.g., during video playback or stream analysis), the vulnerability triggers and allows code execution with the privileges of the Camera Connect application.
Prerequisites
- Network access to Camera Connect media processing (file upload, stream input, or API endpoint)
- Camera Connect running version 1.5.0.14 or earlier
- No authentication bypass required; exploitation can occur through processing untrusted media
Remotely exploitable | No authentication required | Low complexity | High EPSS score (73.8%) | Affects surveillance/monitoring systems
Exploitability
High exploit probability (EPSS 73.8%)
Affected products (1)
Product | Affected Versions | Fix Status
Ability Camera Connect <=1.5.0.14 | ≤ 1.5.0.14 | 1.5.0.15
Remediation & Mitigation
Do now
HOTFIX: Update VLC Media Player to a patched version (3.0.0 or later recommended) on systems running Camera Connect
HARDENING: Restrict network access to Camera Connect to trusted administrative systems and limit media input sources to known-good feeds
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Update ABB Ability Camera Connect to version 1.5.0.15 or later
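To find which hosts still need the two updates listed above, the following added example (not part of the advisory or any ABB tooling) triages an asset inventory against the advisory's version thresholds. The CSV column names and host entries are constructed for illustration; versions are compared numerically because a string comparison would rank 1.5.0.9 above 1.5.0.14.

```python
import csv
import io
import re

CC_FIXED = (1, 5, 0, 15)  # advisory: Camera Connect fixed in 1.5.0.15
VLC_MIN = (3, 0, 0)       # advisory: VLC 3.0.0 or later recommended

def parse_version(text):
    """Turn '1.5.0.14' into (1, 5, 0, 14); None if not dotted-numeric."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        return None
    return tuple(int(part) for part in text.split("."))

def older_than(version, floor):
    """Numeric compare, padded so that 3.0 and 3.0.0 are treated as equal."""
    width = max(len(version), len(floor))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(version) < pad(floor)

def triage(inventory_csv):
    """Map each host that needs attention to its list of required actions."""
    findings = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        cc = parse_version(row["camera_connect"])
        vlc = parse_version(row["vlc"])
        actions = []
        if cc is None or vlc is None:
            # Unparseable data must not silently pass as "patched".
            actions.append("verify version manually")
        if cc is not None and older_than(cc, CC_FIXED):
            actions.append("update Camera Connect to 1.5.0.15 or later")
        if vlc is not None and older_than(vlc, VLC_MIN):
            actions.append("update VLC to 3.0.0 or later")
        if actions:
            findings[row["host"]] = actions
    return findings

# Constructed sample inventory (hypothetical hosts and column names).
SAMPLE = """host,camera_connect,vlc
cam-srv-01,1.5.0.14,2.2.4
cam-srv-02,1.5.0.15,3.0.0
cam-srv-03,1.5.0.9,3.0.20
cam-srv-04,unknown,2.2.4
"""

if __name__ == "__main__":
    for host, actions in triage(SAMPLE).items():
        print(f"{host}: {'; '.join(actions)}")
```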
CVEs (22)
API:
/api/v1/advisories/d9b12104-1122-4348-b723-4d4b9a42b273