OTPulse

Johnson Controls Sensormatic Electronics Illustra

Act Now · CVSS 7.8 · ICS-CERT ICSA-21-245-01 · Sep 2, 2021
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary

A privilege escalation vulnerability in Johnson Controls Sensormatic Illustra IP cameras allows a local user with an existing account on the device to gain superuser (root) access to the underlying Linux operating system. This affects Pro Gen 3 (all versions before 2.8.0), Flex Gen 2 (all versions before 1.9.4), Insight (all versions before 1.4.0), and Pro 2 (all versions, end-of-life). The vulnerability is not remotely exploitable and requires local login capability. Johnson Controls has released fixed firmware versions 2.8.0 (Pro Gen 3), 1.9.4 (Flex Gen 2), and 1.4.0 (Insight). Pro 2 will not receive a patch.

What this means
What could happen
A local attacker with user-level access to a Sensormatic Illustra device could gain superuser (root) privileges on the underlying Linux operating system, allowing them to modify camera settings, recordings, or disable surveillance entirely.
Who's at risk
Facilities and security operations teams managing Johnson Controls Sensormatic Illustra IP camera systems used for building surveillance and access control. This affects Pro Gen 3, Flex Gen 2, Insight, and Pro 2 (end-of-life) models deployed in schools, office buildings, manufacturing plants, and utilities for CCTV monitoring.
How it could be exploited
An attacker with physical access or an existing low-privilege user account on the device exploits the privilege escalation flaw to gain root access. This requires local login; the vulnerability is not remotely exploitable.
Prerequisites
  • Local user account on the Illustra device (physical access or existing user credentials)
  • Login capability to the device operating system
actively exploited (KEV) · local exploit only · privilege escalation · affects all versions of multiple product lines · Pro 2 end-of-life with no patch available · high EPSS score (92.5%)
Exploitability
Actively exploited — confirmed by CISA KEV
Affected products (4)
3 with fix, 1 end-of-life with no fix
Product    | Affected Versions         | Fix Status
Insight    | All versions before 1.4.0 | Fixed in 1.4.0
Pro 2      | All versions              | No fix (end-of-life)
Flex Gen 2 | All versions before 1.9.4 | Fixed in 1.9.4
Pro Gen 3  | All versions before 2.8.0 | Fixed in 2.8.0
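The practical first step with an advisory like this is to check a camera inventory against the fixed-version table. The script below is an added example, not OTPulse or Johnson Controls code: it parses dotted firmware strings into integer tuples (so that 2.10.x correctly sorts after 2.8.0, which plain string comparison gets wrong), applies the per-product thresholds from the advisory summary, and flags Pro 2 units as end-of-life with no patch. The inventory lines and hostnames are constructed sample data.

```python
"""Triage a device inventory against this advisory's affected-version table.

Added example (not OTPulse or Johnson Controls code). The inventory below is
constructed sample data; the fixed-version thresholds come from the advisory
summary (2.8.0 Pro Gen 3, 1.9.4 Flex Gen 2, 1.4.0 Insight, no fix for Pro 2).
"""
from typing import NamedTuple, Optional

# Fixed firmware per product line. None means no fix will be released (end-of-life).
FIXED_VERSION: dict[str, Optional[str]] = {
    "Pro Gen 3": "2.8.0",
    "Flex Gen 2": "1.9.4",
    "Insight": "1.4.0",
    "Pro 2": None,
}


def parse_version(v: str) -> tuple[int, ...]:
    """Split a dotted firmware string into an integer tuple so that
    2.10.0 compares greater than 2.8.0 (string comparison would say otherwise)."""
    return tuple(int(part) for part in v.strip().split("."))


class Finding(NamedTuple):
    host: str
    product: str
    firmware: str
    status: str   # "patched", "vulnerable", "vulnerable-eol" or "unknown-product"
    action: str


def assess(host: str, product: str, firmware: str) -> Finding:
    """Classify one device against the advisory table and suggest the remediation."""
    if product not in FIXED_VERSION:
        return Finding(host, product, firmware, "unknown-product",
                       "verify model against advisory")
    fixed = FIXED_VERSION[product]
    if fixed is None:
        return Finding(host, product, firmware, "vulnerable-eol",
                       "plan decommissioning; no patch available")
    if parse_version(firmware) >= parse_version(fixed):
        return Finding(host, product, firmware, "patched", "none")
    return Finding(host, product, firmware, "vulnerable", f"upgrade to {fixed} or later")


def triage(inventory_csv: str) -> list[Finding]:
    """Inventory format: 'host,product,firmware' per line; blank lines and '#' comments ignored."""
    findings = []
    for line in inventory_csv.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, product, firmware = (field.strip() for field in line.split(","))
        findings.append(assess(host, product, firmware))
    return findings


# Constructed sample inventory: hostnames and firmware values are made up.
SAMPLE_INVENTORY = """\
# host,product,firmware
cam-lobby-01,Pro Gen 3,2.7.2
cam-lobby-02,Pro Gen 3,2.10.1
cam-dock-01,Flex Gen 2,1.9.4
cam-dock-02,Flex Gen 2,1.8.0
cam-plant-01,Insight,1.3.9
cam-legacy-01,Pro 2,1.2.0
"""


def vulnerable_hosts(inventory_csv: str = SAMPLE_INVENTORY) -> list[str]:
    """Hosts still exposed to the advisory, including end-of-life units."""
    return [f.host for f in triage(inventory_csv) if f.status.startswith("vulnerable")]


if __name__ == "__main__":
    for f in triage(SAMPLE_INVENTORY):
        print(f"{f.host:14} {f.product:10} {f.firmware:8} {f.status:15} {f.action}")
```

Note that cam-lobby-02 on 2.10.1 is correctly reported as patched only because versions are compared as integer tuples; a naive string comparison would have flagged it as older than 2.8.0 and generated a false upgrade ticket.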
Remediation & Mitigation
Do now
  • HOTFIX: Upgrade Pro Gen 3 devices to firmware version 2.8.0 or later
  • HOTFIX: Upgrade Flex Gen 2 devices to firmware version 1.9.4 or later
  • HOTFIX: Upgrade Insight devices to firmware version 1.4.0 or later
  • HARDENING: Restrict physical access to Sensormatic Illustra devices to authorized personnel only
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HARDENING: Configure devices to use strong authentication and enforce least-privilege principles for user accounts
Long-term hardening
  • HARDENING: Plan decommissioning of Pro 2 systems, which are end-of-life and will not receive security updates
API: /api/v1/advisories/5822adf8-dc0c-443d-98dd-6d4ceecd8417