Detections
Analytics

Sensormatic Electronics Illustra Pro Gen 4 Active Debug Code (CVE-2023-0954)

critical Tenable OT Security Plugin ID 502273

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A debug feature in Sensormatic Electronics Illustra Pro Gen 4 Dome and PTZ cameras allows a user to compromise credentials after a long period of sustained attack.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

​Sensormatic Electronics has provided the following mitigations:

- ​Update Illustra Pro Gen 4 Dome to version 6.00.00.
- ​Update Illustra Pro Gen 4 PTZ to version 6.00.00.

​The camera can be upgraded via the web GUI using firmware Illustra provides, which can be found on www.illustracameras.com. The firmware can also be upgraded using the Illustra Connect tool (Windows based) or Illustra Tools (mobile app) or victor/VideoEdge, which also provides bulk firmware upgrade capability. Refer to the respective application documents for further information.

​For additional information, refer to Johnson Controls Product Security Advisory JCI-PSA-2023-02 v1.


See Also

http://www.nessus.org/u?2b3657b1

https://www.johnsoncontrols.com/cyber-solutions/security-advisories

https://www.cisa.gov/news-events/ics-advisories/icsa-23-159-02

Plugin Details

Severity: Critical

ID: 502273

Version: 1.3

Type: remote

Family: Tenable.ot

Published: 6/18/2024

Updated: 6/19/2024

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2023-0954

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:johnsoncontrols:illustra_pro_gen_4_ptz_firmware, cpe:/o:johnsoncontrols:illustra_pro_gen_4_dome_firmware

Required KB Items: Tenable.ot/Illustra

Exploit Ease: No known exploits are available

Patch Publication Date: 6/8/2023

Vulnerability Publication Date: 6/8/2023

Reference Information

CVE: CVE-2023-0954