Sensormatic Electronics Illustra Pro Gen 4

Plan PatchCVSS 8.3ICS-CERT ICSA-23-159-02Jun 8, 2023

Johnson Controls

Attack path

Attack VectorAdjacent

Auth RequiredNone

ComplexityHigh

User InteractionNone needed

Summary

A vulnerability in Sensormatic Electronics Illustra Pro Gen 4 cameras (Dome and PTZ models) allows an attacker to extract device credentials through a sustained series of network requests. The vulnerability requires network access but no authentication. Successful exploitation could allow an attacker to compromise stored credentials and gain unauthorized access to the camera system and potentially other connected infrastructure. The issue is caused by inadequate protection of credential storage (CWE-489: Service Loss from Uncontrolled Resource Consumption).

What this means

What could happen

An attacker could extract device credentials over a sustained period of attacks, potentially allowing them to gain unauthorized access to the camera system and any networked devices it connects to.

Who's at risk

This affects water utilities and municipalities using Sensormatic Illustra Pro Gen 4 cameras for facility monitoring or surveillance. Operators of critical infrastructure sites relying on these cameras for perimeter security or facility access control should prioritize remediation.

How it could be exploited

An attacker with network access to the camera would need to send specially crafted requests to the device over time to extract stored credentials. This is a slow, sustained attack that does not require authentication or user interaction.

Prerequisites

Network access to the camera on the same network segment or reachable IP subnet
No credentials required
Sustained attack over multiple requests

Remotely exploitableNo authentication requiredAffects surveillance systems used in critical infrastructureLow exploit probability (EPSS 0.1%)

Exploitability

Unlikely to be exploited — EPSS score 0.1%

Affected products (2)

2 with fix

ProductAffected VersionsFix Status

Pro Gen 4 Dome: <= Illustra.SS016.05.09.04.0006≤ Illustra.SS016.05.09.04.00066.00.00

Pro Gen 4 PTZ: <= Illustra.SS010.05.09.04.0022≤ Illustra.SS010.05.09.04.00226.00.00

Remediation & Mitigation

0/4

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HOTFIXUpdate Illustra Pro Gen 4 Dome firmware to version 6.00.00 or later via web GUI, Illustra Connect tool, Illustra Tools mobile app, or Victor/VideoEdge

HOTFIXUpdate Illustra Pro Gen 4 PTZ firmware to version 6.00.00 or later using the same upgrade methods

Long-term hardening

0/2

HARDENINGImplement network segmentation to restrict camera access to authorized management stations and monitoring systems only

HARDENINGMonitor network traffic to and from the cameras for suspicious patterns or repeated requests

CVEs (1)

CVE-2023-0954

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/d3c14cd8-e9b6-4070-b226-1130bdd015d8

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.