OTPulse

SystemK NVR 504/508/516

Act Now | 9.8 | ICS-CERT ICSA-24-025-02 | Jan 25, 2024
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

SystemK NVR devices (models 504, 508, 516) running version 2.3.5SK.30084998 contain a command injection vulnerability (CWE-77) that allows unauthenticated, network-based attackers to execute arbitrary commands with root privileges. The vulnerability has a CVSS v3.1 score of 9.8. SystemK has not engaged with CISA to develop patches or workarounds. No public exploitation has been reported, but the lack of vendor response leaves these devices at risk.

What this means
What could happen
An attacker with network access to a SystemK NVR could run arbitrary commands with root privileges, potentially disrupting video surveillance operations or gaining deeper access to facility infrastructure.
Who's at risk
Video surveillance operators and facility managers who rely on SystemK NVR 504, 508, or 516 models for continuous monitoring of critical infrastructure, building access, or perimeter security. This is particularly important for water utilities and electric utilities that use NVRs to monitor treatment plants, substations, or control room access.
How it could be exploited
An attacker on the network (or from the internet if the NVR is exposed) sends a crafted request to the vulnerable NVR application. The vulnerability allows command execution without authentication, giving the attacker root-level control of the device.
Prerequisites
  • Network reachability to the SystemK NVR device (port and service not specified in advisory—check your configuration)
  • No authentication required
  • Remotely exploitable
  • No authentication required
  • Low complexity attack
  • No patch available from vendor
  • Root-level code execution possible
  • Vendor non-responsive to mitigation requests
Exploitability
Low exploit probability (EPSS 0.7%)
Affected products (3)
3 EOL
Product | Affected Versions | Fix Status
NVR 504: 2.3.5SK.30084998 | 2.3.5SK.30084998 | No fix (EOL)
NVR 508: 2.3.5SK.30084998 | 2.3.5SK.30084998 | No fix (EOL)
NVR 516: 2.3.5SK.30084998 | 2.3.5SK.30084998 | No fix (EOL)
Remediation & Mitigation
Do now
HARDENING: Minimize network exposure: ensure SystemK NVR devices are not accessible from the internet and are isolated on a dedicated surveillance network behind a firewall
HARDENING: Isolate NVR networks from business networks using network segmentation or air-gapping
WORKAROUND: If remote access to the NVR is required, use a VPN with current security patches and strong authentication
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HARDENING: Monitor network traffic to and from NVR devices for suspicious command execution patterns or unexpected outbound connections
HOTFIX: Contact SystemK customer support to inquire about vendor response and any undisclosed mitigations or timeline for patches
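
One way to check the segmentation and outbound-monitoring items above against exported flow records. This is an added example, not part of the advisory or any SystemK tooling. The "timestamp src dst dport proto" record layout, the subnet, the NVR address and the allowed peer are all assumptions constructed for illustration.

```python
import ipaddress

# Assumed site layout (constructed values, replace with your own).
SURVEILLANCE_NET = ipaddress.ip_network("10.20.30.0/24")  # dedicated NVR/camera segment
NVR_HOSTS = {ipaddress.ip_address("10.20.30.10")}         # the NVR being watched
ALLOWED_PEERS = {ipaddress.ip_address("10.20.40.5")}      # e.g. VPN gateway for remote access

# Constructed flow records in a hypothetical "timestamp src dst dport proto" layout.
SAMPLE_FLOWS = """\
2024-01-26T02:11:07Z 10.20.30.21 10.20.30.10 554 tcp
2024-01-26T02:11:09Z 10.20.40.5 10.20.30.10 443 tcp
2024-01-26T02:14:31Z 192.168.8.77 10.20.30.10 80 tcp
2024-01-26T02:14:33Z 10.20.30.10 203.0.113.45 8443 tcp
2024-01-26T02:15:00Z 10.20.30.10 10.20.30.21 554 tcp
malformed line
"""

def trusted(ip):
    """A peer is expected if it is on the surveillance segment or explicitly allowed."""
    return ip in SURVEILLANCE_NET or ip in ALLOWED_PEERS

def audit_flows(text):
    """Return (line_number, finding, detail) for flows that violate the isolation policy."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        try:
            _ts, src, dst, dport, _proto = line.split()
            src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            dport = int(dport)
        except ValueError:
            # Keep unparsable records visible instead of silently dropping them.
            findings.append((lineno, "unparsed", line))
            continue
        detail = f"{src} -> {dst}:{dport}"
        if dst in NVR_HOSTS and not trusted(src):
            # The NVR is reachable from outside its segment: segmentation gap.
            findings.append((lineno, "inbound-from-outside-segment", detail))
        elif src in NVR_HOSTS and not trusted(dst):
            # The NVR opened a connection to an unexpected peer.
            findings.append((lineno, "unexpected-outbound", detail))
    return findings

if __name__ == "__main__":
    for finding in audit_flows(SAMPLE_FLOWS):
        print(finding)
```
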