OTPulse
FeedAboutContact

Industrial Video & Control Longwatch

Act Now9.8ICS-CERT ICSA-25-336-01Dec 2, 2025
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary

A code injection vulnerability in Industrial Video & Control Longwatch versions 6.309 through 6.334 allows an unauthenticated attacker with network access to execute arbitrary code with elevated privileges on the device. This affects industrial video surveillance and control systems used in manufacturing. The vulnerability is due to unsafe handling of input (CWE-94).

What this means
What could happen
An unauthenticated attacker on the network can run commands on the Longwatch video/control system with elevated privileges, allowing them to disable monitoring, alter control logic, or disrupt industrial video surveillance and control operations.
Who's at risk
Manufacturing facilities using Industrial Video & Control Longwatch for video monitoring and process control, particularly any that allow network access to the Longwatch device from untrusted segments or the internet.
How it could be exploited
An attacker with network access to the Longwatch device exploits an unsafe code execution flaw (CWE-94) without needing credentials or user interaction. The attacker sends a malicious request to the vulnerable Longwatch service, triggering remote code execution with elevated privileges.
Prerequisites
  • Network access to the Longwatch device on its listening port
  • No authentication required
  • Vulnerable version 6.309 to 6.334 deployed
Remotely exploitableNo authentication requiredLow complexity attackCVSS 9.8 criticalAffects control system operationsCWE-94 code injection
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
ProductAffected VersionsFix Status
Longwatch: >=6.309|<6.334≥ 6.309|<6.3346.335 or later
Remediation & Mitigation
0/4
Do now
0/2
HARDENINGRestrict network access to Longwatch device—ensure it is not reachable from the internet or untrusted networks
HARDENINGPlace Longwatch behind a firewall and isolate its network segment from business/office networks
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade Longwatch to version 6.335 or later
Long-term hardening
0/1
HARDENINGIf remote access to Longwatch is required, use a VPN with current security patches
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/390fb9dc-3bae-44d1-8405-a1e07c5039e1