ABB Ability Camera Connect Vulnerabilities in outdated 3rd party component (VLC)

Act Now | CVSS 9.8 | 4hzm000603 | Nov 27, 2025
ABB
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

ABB Ability Camera Connect versions 1.5.0.14 and below contain vulnerabilities in an embedded VLC media player component (version 2.2.4). The underlying VLC vulnerabilities include buffer overflows and memory corruption flaws (CWE-122, CWE-191, CWE-787, CWE-427, CWE-190, CWE-193, CWE-125, CWE-415, CWE-119, CWE-416) that could allow remote code execution. The advisory carries a CVSS score of 9.8 and a 73.8% exploit probability. ABB has released Camera Connect version 1.5.0.15 with an updated VLC component. Alternatively, customers can independently update VLC Media Player to the latest version as a temporary mitigation.

What this means
What could happen
An attacker could remotely execute arbitrary code on a system running vulnerable versions of Camera Connect by exploiting buffer overflow and memory corruption flaws in the embedded VLC media player component, potentially compromising system confidentiality, integrity, and availability.
Who's at risk
Organizations using ABB Ability Camera Connect (version 1.5.0.14 and below) for video surveillance, monitoring, or industrial process visualization. This includes water utilities, power plants, manufacturing facilities, and critical infrastructure operators that rely on camera systems for visual process monitoring or security purposes.
How it could be exploited
An attacker could craft a malicious media file or stream that exploits memory corruption vulnerabilities in VLC 2.2.4 bundled with Camera Connect. When the application processes this file—either through manual user action or automated video feed processing—the attacker's code executes with the privileges of the Camera Connect application, allowing command execution or system compromise.
Prerequisites
  • Network access to Camera Connect application or its media input interface
  • Ability to provide malicious media file or stream to the application
  • User interaction to open/play a malicious media file (if manual processing) OR automated video feed processing enabled
  • remotely exploitable
  • no authentication required
  • low complexity
  • high EPSS score (73.8%)
  • affects safety-critical monitoring systems
  • embedded vulnerable third-party component
Exploitability
Likely to be exploited — EPSS score 73.8%
Metasploit module available — weaponized exploit
Affected products (1)
Product | Affected Versions | Fix Status
Ability Camera Connect | ≤ 1.5.0.14 | 1.5.0.15
Remediation & Mitigation
Do now
  • HOTFIX: Update VLC Media Player to the latest version (3.0.0 or later) on systems running Camera Connect 1.5.0.14 or below if immediate update of Camera Connect is not feasible
  • WORKAROUND: Restrict network access to Camera Connect application to trusted internal networks only; block external direct access via firewall rules
  • WORKAROUND: Disable automated media feed processing in Camera Connect if not required for operations; require manual user validation before processing media files from untrusted sources
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HOTFIX: Update ABB Ability Camera Connect to version 1.5.0.15 or later
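
To apply the version thresholds above across a fleet, the following added example (not from ABB or the advisory) triages an asset inventory into patched, temporarily mitigated, and vulnerable hosts. The CSV layout, host names, and status labels are assumptions, and the sample rows are constructed.

```python
import csv
import io
import re

FIXED_CAMERA_CONNECT = (1, 5, 0, 15)  # first fixed release named in the advisory
MIN_VLC = (3, 0, 0)                   # "3.0.0 or later" from the hotfix item

# Constructed sample inventory; hosts and column names are assumptions.
SAMPLE_INVENTORY = """host,camera_connect,vlc
hmi-01,1.5.0.14,2.2.4
hmi-02,1.5.0.15,
hmi-03,1.5.0.9,3.0.0
hmi-04,1.5.0.14,n/a
hmi-05,unknown,2.2.4
"""


def parse_version(text):
    """Return '1.5.0.14' as (1, 5, 0, 14), or None if it is not dotted digits."""
    text = (text or "").strip()
    if not re.fullmatch(r"[0-9]+(?:\.[0-9]+)*", text):
        return None
    return tuple(int(part) for part in text.split("."))


def at_least(version, minimum):
    """Compare numerically with zero padding: 1.5.0.9 < 1.5.0.14, and 3.0 == 3.0.0."""
    width = max(len(version), len(minimum))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(version) >= pad(minimum)


def classify(camera_connect, vlc):
    cc = parse_version(camera_connect)
    if cc is None:
        return "UNKNOWN"        # cannot tell whether the host is in scope
    if at_least(cc, FIXED_CAMERA_CONNECT):
        return "PATCHED"
    v = parse_version(vlc)
    if v is not None and at_least(v, MIN_VLC):
        return "MITIGATED"      # temporary: still schedule the 1.5.0.15 update
    return "VULNERABLE"         # affected release; VLC old or unverified


def triage(csv_text):
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["host"]: classify(r["camera_connect"], r["vlc"]) for r in rows}


if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

An affected Camera Connect release with a missing or unparseable VLC version is reported as vulnerable rather than skipped, so gaps in the inventory surface for follow-up.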