ICAM365 CCTV Camera Multiple Models

MonitorCVSS 6.8ICS-CERT ICSA-25-324-02Nov 20, 2025

Attack path

Attack VectorAdjacent

Auth RequiredLow

ComplexityLow

User InteractionNone needed

Summary

ICAM365 CCTV cameras (ROBOT PT Camera P201 and Night Vision Camera QC021) contain authentication bypass vulnerabilities affecting camera models with firmware version 43.4.0.0 or earlier. An attacker on the same local network could access live video streams and camera configuration data without credentials. ICAM365 did not respond to CISA coordination efforts and has not indicated availability of firmware updates. These vulnerabilities are not exploitable remotely but require local network access.

What this means

What could happen

An attacker with local network access could view live camera feeds and access stored video or configuration data without authentication. This could allow surveillance of facility operations or extraction of system settings, but does not directly affect PLC/RTU control systems or process safety.

Who's at risk

CCTV camera operators and facility managers at water authorities, utilities, and industrial sites using ICAM365 ROBOT PT Camera P201 or Night Vision Camera QC021 should implement network isolation controls. These cameras are typically used for perimeter monitoring, facility surveillance, or process observation and do not directly control critical operations, but unauthorized video access could support social engineering or facility reconnaissance by attackers.

How it could be exploited

An attacker on the same local network segment (not remote) could send requests to the camera's API or web interface and access video streams and configuration data without providing valid credentials due to missing or insufficient access controls.

Prerequisites

Local network access to the camera (same LAN segment, not Internet-routable)
No valid credentials required

no authentication requiredlow complexityno patch availablelocal network access only (not remotely exploitable)

Exploitability

Unlikely to be exploited — EPSS score 0.0%

Affected products (2)

2 EOL

ProductAffected VersionsFix Status

ROBOT PT Camera P201: <=43.4.0.0≤ 43.4.0.0No fix (EOL)

Night Vision Camera QC021: <=43.4.0.0≤ 43.4.0.0No fix (EOL)

Remediation & Mitigation

0/5

Do now

0/3

HARDENINGIsolate CCTV cameras on a separate network segment with firewall rules allowing only authorized viewing/configuration workstations to communicate with cameras

HARDENINGRestrict administrative access to camera configuration interfaces to authorized engineering workstations only via firewall ACLs on port 80/443 and any proprietary ports

HARDENINGEnsure cameras are not accessible from the Internet; verify no port forwarding or remote access rules expose cameras to WAN

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

WORKAROUNDContact ICAM365 directly to determine if firmware updates or security patches are available for your specific camera models

Mitigations - no patch available

0/1

The following products have reached End of Life with no planned fix: ROBOT PT Camera P201: <=43.4.0.0, Night Vision Camera QC021: <=43.4.0.0. Apply the following compensating controls:

HARDENINGIf VPN remote access to CCTV is required, ensure VPN is properly segmented from control system networks and restricted to authorized personnel only

CVEs (2)

CVE-2025-64770 CVE-2025-62674

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/e53d8c4c-c030-4cfc-9ec3-1fb8eed6120c

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.