PTZOptics and Other Pan-Tilt-Zoom Cameras

Act Now9.8ICS-CERT ICSA-25-162-10Jun 12, 2025

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Multiple pan-tilt-zoom camera models from PTZOptics, SMTAV, multiCAM Systems, and ValueHD contain critical vulnerabilities in authentication (CWE-287), command injection (CWE-78), and hard-coded credentials (CWE-798). Successful exploitation allows attackers to leak sensitive data, execute arbitrary commands, and access the admin web interface without valid credentials. The vulnerabilities are remotely exploitable with no user interaction, no authentication required, and low attack complexity. PTZOptics states a fix is available on their Known Vulnerabilities and Fixes site; SMTAV, multiCAM Systems, and ValueHD have not responded to vendor coordination requests and no fixes are available for their products. This vulnerability is actively being exploited in the wild.

What this means

What could happen

An attacker with network access to these cameras could leak sensitive video and configuration data, run arbitrary commands on the device, or gain unauthorized administrative access using hard-coded credentials, potentially compromising facility surveillance and enabling further network intrusion.

Who's at risk

Any water authority or utility operating PTZOptics pan-tilt-zoom cameras (including PT12X, PT20X, PT30X, PTEPTZ, PT-STUDIOPRO, and 4K models) in control rooms, water intake facilities, treatment plants, or substations. Also affects facilities using SMTAV, multiCAM Systems, or ValueHD pan-tilt-zoom cameras. These devices are typically used for remote facility monitoring, dam operations, and critical infrastructure oversight.

How it could be exploited

An attacker on your network (or from the internet if the camera is exposed) can send specially crafted requests to the camera's web interface or control protocols to exploit authentication bypass, command injection, or weak credential issues. No special tools, credentials, or user interaction are required—the attack works automatically once the attacker reaches the camera.

Prerequisites

Network access to the camera (port 80/443 HTTP/HTTPS or control protocol ports)
Camera must be running an affected firmware version
No authentication required for exploitation

Remotely exploitable from the network or internetNo authentication requiredLow complexity attackActively exploited (KEV)High exploit probability (83.6% EPSS)No vendor patch currently available for most productsHard-coded default credentials in affected models

Exploitability

Actively exploited — confirmed by CISA KEV

Affected products (39)

1 pending38 EOL

ProductAffected VersionsFix Status

PTZOptics PTZOptics VL Fixed Camera/NDI Fixed Camera: <=7.2.94≤ 7.2.94No fix (EOL)

SMTAV Pan-Tilt-Zoom Cameras: vers:all/*All versionsNo fix (EOL)

ValueHD Pan-Tilt-Zoom Cameras: vers:all/*All versionsNo fix (EOL)

PTZOptics PT12X-SDI-xx-G2: <=6.3.34≤ 6.3.34No fix (EOL)

PTZOptics PT12X-NDI-xx: <=6.3.34≤ 6.3.34No fix (EOL)

Remediation & Mitigation

0/5

Do now

0/3

HARDENINGIsolate all PTZOptics and third-party pan-tilt-zoom cameras from the internet; place them on a separate network segment behind a firewall with restricted access rules

HARDENINGRestrict network access to camera management interfaces to only authorized engineering workstations or control systems; implement access control lists (ACLs) on network switches or firewalls

HARDENINGMonitor network traffic to and from cameras for suspicious activity; implement intrusion detection signatures if available

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HARDENINGDocument which cameras are in use, their firmware versions, and their network locations for compliance and incident response planning

HOTFIXContact PTZOptics to obtain and evaluate available firmware patches from their Known Vulnerabilities and Fixes site once they are released; plan a maintenance window to apply patches

CVEs (4)

CVE-2024-8956 CVE-2024-8957 CVE-2025-35451 CVE-2025-35452

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/b44e0598-9c90-408c-9aa3-3d8e7c18f034