CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 7 High (Confidence: Low)

EPSS: 0.003 Low (Percentile: 69.6%)

A debug feature in Sensormatic Electronics Illustra Pro Gen 4 Dome and PTZ cameras allows a user to compromise credentials after a long period of sustained attack.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

```nasl
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(502273);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/19");

  script_cve_id("CVE-2023-0954");

  script_name(english:"Sensormatic Electronics Illustra Pro Gen 4 Active Debug Code (CVE-2023-0954)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"A debug feature in Sensormatic Electronics Illustra Pro Gen 4 Dome and
PTZ cameras allows a user to compromise credentials after a long
period of sustained attack.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  # https://www.johnsoncontrols.com/-/media/project/jci-global/johnson-controls/us-region/united-states-johnson-controls/cyber-solutions/security-advisories/documents/jci-psa-2023-02.pdf
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2b3657b1");
  script_set_attribute(attribute:"see_also", value:"https://www.johnsoncontrols.com/cyber-solutions/security-advisories");
  script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-23-159-02");
  script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.

Sensormatic Electronics has provided the following mitigations:

- Update Illustra Pro Gen 4 Dome to version 6.00.00.
- Update Illustra Pro Gen 4 PTZ to version 6.00.00.

The camera can be upgraded via the web GUI using firmware Illustra provides, which can be found on
www.illustracameras.com. The firmware can also be upgraded using the Illustra Connect tool (Windows based) or Illustra
Tools (mobile app) or victor/VideoEdge, which also provides bulk firmware upgrade capability. Refer to the respective
application documents for further information.

For additional information, refer to Johnson Controls Product Security Advisory JCI-PSA-2023-02 v1.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-0954");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/06/08");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/06/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/06/18");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:johnsoncontrols:illustra_pro_gen_4_dome_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:johnsoncontrols:illustra_pro_gen_4_ptz_firmware");
  script_set_attribute(attribute:"generated_plugin", value:"former");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Illustra");

  exit(0);
}

include('tenable_ot_cve_funcs.inc');

# Exit unless the Tenable.ot integration recorded an Illustra asset.
get_kb_item_or_exit('Tenable.ot/Illustra');

var asset = tenable_ot::assets::get(vendor:'Illustra');

# Affected models, each with an exclusive upper bound on the firmware version.
var vuln_models = {
  # Illustra Pro Gen 4 Dome
  'IPS02D12OI04' :
    {"versionEndExcluding" : "ss016.05.09.04.0006"},
  'IPS02D17OI04' :
    {"versionEndExcluding" : "ss016.05.09.04.0006"},
  'IPS04D12OI04' :
    {"versionEndExcluding" : "ss016.05.09.04.0006"},
  'IPS04D14OI04' :
    {"versionEndExcluding" : "ss016.05.09.04.0006"},
  'IPS08D13OI04' :
    {"versionEndExcluding" : "ss016.05.09.04.0006"},
  'IPS08D14OI04' :
    {"versionEndExcluding" : "ss016.05.09.04.0006"},
  'IPS02C10OIA4' :
    {"versionEndExcluding" : "ss016.05.09.04.0006"},
  'IPS04C10OIA4' :
    {"versionEndExcluding" : "ss016.05.09.04.0006"},
  'IPS08C10OIA4' :
    {"versionEndExcluding" : "ss016.05.09.04.0006"},
  # Illustra Pro Gen 4 PTZ
  'IPS02P07RT04' :
    {"versionEndExcluding" : "ss010.05.09.04.0022"},
  'IPS08P25RT04' :
    {"versionEndExcluding" : "ss010.05.09.04.0022"},
  'IPS08P25OI04' :
    {"versionEndExcluding" : "ss010.05.09.04.0022"},
  'IPS02P24OI04' :
    {"versionEndExcluding" : "ss010.05.09.04.0022"}
};

tenable_ot::cve::compare_and_report(asset:asset, vuln_models:vuln_models, severity:SECURITY_HOLE);
```

Vendor | Product | Version | CPE |
---|---|---|---|
johnsoncontrols | illustra_pro_gen_4_ptz_firmware | | cpe:/o:johnsoncontrols:illustra_pro_gen_4_ptz_firmware |
johnsoncontrols | illustra_pro_gen_4_dome_firmware | | cpe:/o:johnsoncontrols:illustra_pro_gen_4_dome_firmware |