Sensormatic Electronics iSTAR

Plan Patch7.5ICS-CERT ICSA-23-192-02Jul 11, 2023

Attack VectorAdjacent

Auth RequiredNone

ComplexityHigh

User InteractionNone needed

Summary

Unauthenticated users can login to Sensormatic Electronics iSTAR Ultra, iSTAR Ultra LT, iSTAR Ultra G2, and iSTAR Edge G2 devices with administrator rights due to improper authentication (CWE-287). The vulnerability affects firmware versions: iSTAR Ultra and Ultra LT above 6.8.6 and below 6.9.2 CU01; iSTAR Ultra G2 and Edge G2 below 6.9.2 CU01. No public exploits are known, but the vulnerability has high attack complexity.

What this means

What could happen

An attacker who gains admin access to an iSTAR device could reconfigure security system settings, disable alarms, or alter monitoring policies, compromising physical security monitoring and access control at your facility.

Who's at risk

Security operations teams at facilities using Sensormatic Electronics iSTAR physical security systems, including building access control, video surveillance integration, and alarm management—particularly mid-size to large commercial buildings, data centers, manufacturing plants, and municipal facilities with integrated security management.

How it could be exploited

An attacker with network access to an iSTAR device could attempt to login without valid credentials and gain admin privileges. The high attack complexity suggests the attacker would need specific knowledge of the device configuration or login mechanism, but once successful, they would have full administrative control.

Prerequisites

Network access to iSTAR device (adjacent network or direct network connection)
Knowledge of how to trigger the authentication bypass mechanism (high attack complexity suggests non-trivial exploitation steps)

No authentication required for admin accessHigh attack complexityNo patch available yetAffects facility physical security systemsNo known public exploits (low current exploit activity)

Exploitability

Low exploit probability (EPSS 0.1%)

Affected products (4)

4 with fix

ProductAffected VersionsFix Status

iSTAR Edge G2: < 6.9.2 CU01< 6.9.2 CU016.9.2 CU01

iSTAR Ultra: > 6.8.6 | < 6.9.2 CU01> 6.8.6 | < 6.9.2 CU016.9.2 CU01

iSTAR Ultra LT: > 6.8.6 | < 6.9.2 CU01> 6.8.6 | < 6.9.2 CU016.9.2 CU01

iSTAR Ultra G2: < 6.9.2 CU01< 6.9.2 CU016.9.2 CU01

Remediation & Mitigation

0/3

Do now

0/2

HARDENINGRestrict network access to iSTAR devices: place them behind firewalls and isolate from business networks and the Internet

HARDENINGIf remote access to iSTAR devices is required, enforce access through VPN or other secure tunnel with current security updates

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade iSTAR Ultra, iSTAR Ultra LT, iSTAR Ultra G2, and iSTAR Edge G2 firmware to version 6.9.2 CU01

CVEs (1)

CVE-2023-3127

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/4cf54ba7-fa5e-48c5-be09-e56587f95c51