Industrial Video & Control Longwatch
Plan Patch | CVSS 9.8 | ICS-CERT ICSA-25-336-01 | Dec 2, 2025
Manufacturing
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Industrial Video & Control Longwatch versions 6.309 through 6.334 contain a code injection vulnerability (CWE-94) that allows an unauthenticated attacker to gain remote code execution with elevated privileges. The vulnerability has a CVSS 3.1 score of 9.8, indicating network-accessible exploitation with no authentication requirement and low attack complexity.
What this means
What could happen
An attacker could execute arbitrary commands on Longwatch systems with elevated privileges, potentially disrupting video surveillance and control operations at manufacturing facilities or allowing modification of operational parameters.
Who's at risk
Manufacturing facilities and utilities running Industrial Video & Control Longwatch for surveillance, monitoring, and control operations. This includes facilities that rely on video systems for security, process monitoring, or remote operational oversight. Any organization using affected versions (6.309–6.334) should prioritize patching.
How it could be exploited
An attacker on the network sends a crafted request exploiting code injection (CWE-94) to a Longwatch device running an affected version. The vulnerability requires no authentication and is network-accessible, allowing the attacker to inject and execute code with elevated privileges.
Prerequisites
- Network reachability to the Longwatch device on its exposed port or interface
remotely exploitable | no authentication required | low complexity | high CVSS score (9.8) | code injection allows arbitrary execution
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (1)
Product: Longwatch: >=6.309|<6.334
Affected Versions: ≥ 6.309|<6.334
Fix Status: 6.335+
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to Longwatch devices by implementing firewall rules to limit inbound connections to only authorized management and monitoring hosts
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Update Longwatch to version 6.335 or later
Long-term hardening
HARDENING: Isolate Longwatch systems and video surveillance infrastructure from the business network by placing them behind a dedicated firewall on a segmented OT network
HARDENING: If remote access to Longwatch is required, enforce access through a VPN with multi-factor authentication and keep VPN infrastructure updated to the latest version
CVEs (1)