Pelco Sarix Professional 3 Series Cameras Authentication Bypass Vulnerability
Vulnerability
An authentication bypass vulnerability has been identified in the web management interface of Pelco Sarix Professional 3 Series Cameras, all versions through 02.52. The vulnerability arises from insufficient access control enforcement, which allows certain functionality to be accessed without proper authentication. As a result, unauthorized users could view live video streams, leading to privacy violations and operational risks for organizations using these cameras. The vulnerability could also create regulatory and compliance challenges.
Impact
Exploitation of this vulnerability could result in unauthorized access to sensitive device data, allowing attackers to bypass surveillance controls and view live video feeds. This could lead to privacy breaches, operational risks, and regulatory compliance issues for affected organizations.
Remediation
CISA recommends minimizing network exposure for control system devices, ensuring they are not accessible from the internet. Control system networks and remote devices should be located behind firewalls and isolated from business networks. When remote access is necessary, use secure methods such as Virtual Private Networks (VPNs), keeping in mind that VPNs may have vulnerabilities and should be updated to the latest version. Organizations should perform a proper impact analysis and risk assessment before implementing defensive measures.
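The following triage script is an added example, not part of the advisory or of any Pelco tooling. It applies the two facts above to a device inventory: firmware through 02.52 is affected, and cameras should sit on an isolated network. The CSV layout, host names, addresses and the `10.20.4.0/24` camera segment are constructed assumptions. Because the advisory text names no fixed release, later versions are only labelled `above-02.52`.

```python
import csv
import io
import ipaddress

# From the advisory: all firmware versions through 02.52 are affected.
LAST_AFFECTED = (2, 52)
# Assumption: the isolated camera network used in this example.
CAMERA_SEGMENT = ipaddress.ip_network("10.20.4.0/24")

# Constructed inventory; column names, hosts and addresses are made up.
SAMPLE_INVENTORY = """\
hostname,model_family,firmware,mgmt_ip
cam-lobby,Sarix Professional 3,02.52,10.20.4.17
cam-dock,Sarix Professional 3,02.49,203.0.113.10
cam-roof,Sarix Professional 3,02.53,10.20.4.19
cam-gate,Other Series,01.10,10.20.4.30
cam-yard,Sarix Professional 3,unknown,10.30.1.21
"""

def parse_version(text):
    """Turn '02.52' into (2, 52); return None if it is not dotted digits."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def triage(inventory_csv, segment=CAMERA_SEGMENT):
    """Return (hostname, firmware_status, outside_segment) rows, worst first."""
    rows = []
    for dev in csv.DictReader(io.StringIO(inventory_csv)):
        if dev["model_family"] != "Sarix Professional 3":
            continue
        version = parse_version(dev["firmware"])
        if version is None:
            status = "unverified"  # cannot rule out an affected build
        elif version[:2] <= LAST_AFFECTED:  # 02.52.x builds count as affected
            status = "affected"
        else:
            status = "above-02.52"
        outside = ipaddress.ip_address(dev["mgmt_ip"]) not in segment
        rows.append((dev["hostname"], status, outside))
    # Possibly affected devices outside the camera segment sort first.
    rows.sort(key=lambda r: (r[1] == "above-02.52", not r[2], r[0]))
    return rows

if __name__ == "__main__":
    for hostname, status, outside in triage(SAMPLE_INVENTORY):
        print(hostname, status, "outside segment" if outside else "inside segment")
```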
