Sensormatic Electronics VideoEdge

Plan Patch7.1ICS-CERT ICSA-23-215-04Aug 3, 2023

Attack VectorLocal

Auth RequiredLow

ComplexityLow

User InteractionNone needed

Summary

VideoEdge video recorders contain a vulnerability in configuration file handling that allows a local user with low privileges to edit the VideoEdge configuration file (CWE-349). Successful exploitation could allow an attacker to interfere with VideoEdge operation, including disabling recording or altering system settings. The vulnerability affects VideoEdge versions prior to 6.1.1.

What this means

What could happen

A local attacker with low-level user access could modify the VideoEdge configuration file, potentially disabling video recording, altering system settings, or preventing normal surveillance operations.

Who's at risk

Security and surveillance operations relying on Sensormatic VideoEdge network video recorders for facility monitoring. This affects organizations using VideoEdge systems for video surveillance, monitoring, and recording in facilities such as buildings, data centers, and industrial sites.

How it could be exploited

An attacker with a local user account on the VideoEdge system gains access to the configuration file through the local file system. By editing this file, the attacker can change critical system parameters or disable VideoEdge functionality without needing administrative privileges.

Prerequisites

Local user account on the VideoEdge system
Write access to configuration files
Physical or local network access to the device

Low complexity attackRequires valid user accountLocal access onlyConfiguration tamperingNo patch available for versions before 6.1.1

Exploitability

Low exploit probability (EPSS 0.0%)

Affected products (1)

ProductAffected VersionsFix Status

VideoEdge: < 6.1.1< 6.1.16.1.1

Remediation & Mitigation

0/5

Do now

0/2

HARDENINGRestrict local user account creation and limit filesystem permissions on VideoEdge devices to prevent unprivileged users from modifying configuration files

HARDENINGImplement physical access controls to VideoEdge systems to prevent unauthorized local access

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate VideoEdge to version 6.1.1 or later

Long-term hardening

0/2

HARDENINGIsolate VideoEdge network recorders from business networks behind firewalls

HARDENINGDisable remote access to VideoEdge unless required; use VPN if remote access is necessary

CVEs (1)

CVE-2023-3749

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/29e5c8e0-334c-48c8-a1e2-e02a6917816e