Pelco, Inc. Sarix Pro 3 Series IP Cameras

Plan Patch | CVSS 7.5 | ICS-CERT ICSA-26-057-02 | Feb 26, 2026
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Pelco Sarix Professional 3 Series IP cameras (IWP, IMP, IXP, IBP models) running firmware version 02.52 or earlier contain an authentication bypass vulnerability (CWE-288) that allows unauthenticated attackers with network access to gain access to camera feeds, video recordings, and device configuration. Successful exploitation could allow attackers to bypass surveillance controls, access sensitive facility video data, and expose the facility to privacy breaches and operational risks.

What this means
What could happen
An attacker could gain unauthorized access to camera feeds and sensitive device data, bypassing surveillance controls and exposing facilities to privacy breaches and operational disruption.
Who's at risk
This affects organizations operating Pelco Sarix Professional 3 Series IP cameras (IWP, IMP, IXP, IBP models) used for physical security surveillance in water utilities, electric utilities, manufacturing plants, and other critical infrastructure. Security teams and facility managers responsible for surveillance systems are most directly impacted.
How it could be exploited
An attacker with network access to the camera can exploit an authentication weakness (CWE-288) to bypass security controls and access video feeds and device configuration without valid credentials.
Prerequisites
  • Network access to the Sarix Professional 3 Series camera on port 80/443 or management interface
  • No valid credentials required for exploitation
remotely exploitable, no authentication required, low complexity, affects surveillance and security systems, authentication bypass vulnerability
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (4)
4 with fix
Product | Affected Versions | Fix Status
Sarix Professional IWP 3 Series | ≤ 02.52 | 02.53+
Sarix Professional IMP 3 Series | ≤ 02.52 | 02.53+
Sarix Professional IXP 3 Series | ≤ 02.52 | 02.53+
Sarix Professional IBP 3 Series | ≤ 02.52 | 02.53+
Remediation & Mitigation
Do now
HARDENING: Restrict network access to Sarix Professional 3 Series cameras to authorized management stations only via firewall rules
HARDENING: Change default camera passwords if not already done
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update Sarix Professional IWP 3 Series camera firmware to version 02.53 or later
HOTFIX: Update Sarix Professional IMP 3 Series camera firmware to version 02.53 or later
HOTFIX: Update Sarix Professional IXP 3 Series camera firmware to version 02.53 or later
HOTFIX: Update Sarix Professional IBP 3 Series camera firmware to version 02.53 or later
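
An added example, not part of the advisory or any Pelco tooling: a triage script that sorts a camera inventory into affected, fixed and verify-manually, using the series names and the 02.53 fix version listed above. The CSV layout, hostnames and model strings are constructed, and it assumes a model string begins with its series prefix and that version components compare numerically.

```python
import csv
import io

AFFECTED_SERIES = ("IWP", "IMP", "IXP", "IBP")  # series named in the advisory
FIRST_FIXED = (2, 53)                           # firmware 02.53 or later carries the fix

# Constructed inventory: hostnames, model strings and versions are made up.
SAMPLE_INVENTORY = """host,model,firmware
cam-gate-01,IMP-example-a,02.52
cam-dock-02,IXP-example-b,02.53
cam-pump-03,IBP-example-c,2.9
cam-lobby-04,IWP-example-d,unknown
cam-roof-05,OTHER-example-e,01.00
"""


def parse_version(text):
    """Turn '02.52' into (2, 52); return None if it is not dotted-numeric."""
    parts = text.strip().split(".")
    if not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def classify(model, firmware):
    """Return 'out-of-scope', 'affected', 'fixed' or 'verify-manually'."""
    # Assumption: the model string starts with the series prefix.
    if not model.strip().upper().startswith(AFFECTED_SERIES):
        return "out-of-scope"
    version = parse_version(firmware)
    if version is None:
        return "verify-manually"  # unreadable version: never assume it is patched
    # Anything below 02.53 (including point builds of 02.52) counts as affected.
    return "affected" if version < FIRST_FIXED else "fixed"


def triage(inventory_csv):
    """Map each host in a CSV inventory (host,model,firmware) to a status."""
    reader = csv.DictReader(io.StringIO(inventory_csv))
    return {row["host"]: classify(row["model"], row["firmware"]) for row in reader}


if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:12} {status}")
```

Hosts reported as affected or verify-manually are the ones to put behind the firewall restriction first while the firmware update is scheduled.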