---
title: "ABB Camera Connect Vulnerabilities: Critical VLC Flaws Expose Systems"
short_title: "ABB Camera Connect critical VLC flaws expose systems"
description: "ABB Ability Camera Connect versions ≤1.5.0.14 affected by 19 VLC media player vulnerabilities, including heap overflows and RCE risks. Patch now to secure critical infrastructure."
author: "Vitus"
date: 2024-10-02
categories: [Cybersecurity, Vulnerabilities]
tags: [abb, vlc, cve, rce, critical-infrastructure]
score: 0.85
cve_ids: [CVE-2024-46461, CVE-2023-47360, CVE-2023-47359, CVE-2023-46814, CVE-2022-41325, CVE-2020-26664, CVE-2019-19721, CVE-2019-13962, CVE-2019-13615, CVE-2019-13602, CVE-2019-5460, CVE-2019-5459, CVE-2019-5439, CVE-2018-11529, CVE-2017-17670, CVE-2017-10699, CVE-2017-9301, CVE-2017-9300, CVE-2017-8313, CVE-2017-8312, CVE-2017-8311, CVE-2017-8310]
---

## TL;DR
ABB Ability Camera Connect versions 1.5.0.14 and below are affected by 19 critical vulnerabilities in the bundled VLC media player (v2.2.4). These flaws, including heap-based buffer overflows, integer underflows, and remote code execution (RCE) risks, could allow attackers to compromise systems. ABB has released version 1.5.0.15 to patch these issues, urging immediate updates for deployments in critical infrastructure sectors like energy, manufacturing, and transportation.


### Introduction
ABB has issued a security advisory addressing multiple high-severity vulnerabilities in its Ability Camera Connect software, stemming from an outdated VLC media player component. The affected versions (≤1.5.0.14) are deployed across critical infrastructure sectors worldwide, including chemical, energy, and transportation systems. Exploitation of these flaws could lead to denial-of-service (DoS) attacks, arbitrary code execution, or system crashes, posing significant risks to operational security. ABB has released version 1.5.0.15 to mitigate these threats, emphasizing the urgency of updates for air-gapped and isolated environments.


### Key Points
- Affected Versions: ABB Ability Camera Connect ≤1.5.0.14, bundled with VLC media player v2.2.4.
- Critical Vulnerabilities: 19 CVEs identified, including heap-based buffer overflows, integer underflows, and RCE risks (e.g., CVE-2023-47359 with a CVSS score of 9.8).
- Impacted Sectors: Chemical, commercial facilities, communications, critical manufacturing, energy, and transportation systems.
- Mitigation: Update to version 1.5.0.15 or apply VLC patches independently. Air-gapped deployments reduce but do not eliminate risks.
- Attack Vector: Exploitation requires malicious media files (e.g., MKV, MP4, or MMS streams) or local access to vulnerable systems.


### Technical Details
The vulnerabilities originate from VLC media player v2.2.4, a third-party component bundled with ABB Ability Camera Connect. Key flaws include:

#### Heap-Based Buffer Overflows
- CVE-2023-47359: Heap overflow in the `GetPacket()` function, leading to memory corruption (CVSS 9.8).
- CVE-2020-26664: Heap overflow via crafted .mkv files, enabling arbitrary code execution.

#### Integer Underflows and Overflows
- CVE-2023-47360: Integer underflow causing incorrect packet length calculations.
- CVE-2022-41325: Integer overflow in the VNC module, potentially crashing VLC or enabling RCE.

#### Use-After-Free and Memory Corruption
- CVE-2018-11529: Use-after-free vulnerability via crafted MKV files (CVSS 8.0).
- CVE-2019-5460: Double-free error leading to crashes (CVSS 5.5).

#### Binary Hijacking and Privilege Escalation
- CVE-2023-46814: Binary hijacking in VLC’s uninstaller, allowing SYSTEM-level code execution (CVSS 7.8).

#### Out-of-Bounds Reads/Writes
- CVE-2019-13962: Heap-based buffer over-read due to unvalidated width/height in media files (CVSS 9.8).
- CVE-2017-9300: Heap corruption via crafted FLAC files (CVSS 7.8).


### Impact Assessment
#### Potential Consequences
- Remote Code Execution (RCE): Attackers could execute arbitrary code with the privileges of the affected system, leading to full system compromise.
- Denial-of-Service (DoS): Exploitation of memory corruption flaws could crash the VLC component or the entire Camera Connect application.
- Privilege Escalation: Vulnerabilities like CVE-2023-46814 could allow attackers to gain SYSTEM-level access on Windows deployments.
- Data Exfiltration: While less likely in air-gapped environments, successful exploitation could enable unauthorized data access or manipulation.

#### Risk Mitigation in Isolated Environments
While ABB emphasizes that Camera Connect is typically deployed in air-gapped or isolated environments, the following risks remain:
- Local Attack Vector: Malicious insiders or compromised media files (e.g., USB drives) could still exploit these flaws.
- Operational Disruption: Even in isolated systems, crashes or RCE could disrupt critical monitoring functions in sectors like energy or transportation.
- Compliance Risks: Unpatched vulnerabilities may violate industry regulations (e.g., NERC CIP, IEC 62443) for critical infrastructure protection.


### Attack Vector
Exploitation requires one of the following conditions:
1. Malicious Media Files: Attackers trick users into opening crafted files (e.g., MKV, MP4, or MMS streams) via:
   - Phishing emails (if email access exists in isolated networks).
   - Compromised USB drives or external media.
2. Local Access: Attackers with physical or remote access to the system could:
   - Place malicious files in trusted directories.
   - Exploit binary hijacking vulnerabilities (e.g., CVE-2023-46814) to escalate privileges.
3. Network Exposure: While rare in air-gapped environments, misconfigured firewalls or temporary network connections could expose systems to remote exploitation.


### Mitigation Steps
#### Immediate Actions
1. Update to Version 1.5.0.15: ABB’s patched release removes the vulnerable VLC component.
2. Patch VLC Independently: Customers can update VLC media player to the latest version (v3.0.20 or later) without waiting for a full Camera Connect update.
3. Restrict Media Sources: Enforce policies to only use trusted media files from verified sources.
4. Disable Unnecessary Features: Disable VLC’s network streaming capabilities if not required for operation.

#### Long-Term Recommendations
- Network Segmentation: Isolate Camera Connect systems from business networks and internet access.
- User Training: Educate staff on the risks of opening untrusted media files, even in isolated environments.
- Monitoring: Deploy intrusion detection systems (IDS) to detect unusual activity, such as unexpected crashes or file modifications.
- Regular Audits: Conduct periodic security audits to ensure compliance with critical infrastructure standards.


### Affected Systems
| Vendor | Product | Affected Versions | Status |
|------------|---------------------------------|----------------------------|--------------------------|
| ABB | Ability Camera Connect | ≤1.5.0.14 | Fixed in 1.5.0.15 |
| VideoLAN | VLC media player | ≤2.2.4 | Patched in ≥3.0.20 |
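The version thresholds in the table and in the Immediate Actions list can be applied to an asset inventory. The following is an added example, not ABB or VideoLAN tooling. The CSV column names and host names are assumptions, as is treating any bundled VLC below 3.0.20 as unremediated, which follows the "v3.0.20 or later" guidance above.

```python
import csv
import io

CC_FIXED = (1, 5, 0, 15)   # Camera Connect release named above as the fix
VLC_FIXED = (3, 0, 20)     # VLC release named above for independent patching

def parse_version(text):
    """Turn '1.5.0.14' or 'v3.0.20' into a tuple of ints; raise ValueError otherwise."""
    parts = text.strip().lstrip("vV").split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)

def at_least(version, floor):
    """Numeric comparison; string comparison would rank '3.0.8' above '3.0.20'."""
    width = max(len(version), len(floor))
    a = version + (0,) * (width - len(version))
    b = floor + (0,) * (width - len(floor))
    return a >= b

def triage(row):
    """Classify one row as 'fixed', 'vlc-patched', 'vulnerable' or 'review'."""
    try:
        cc = parse_version(row.get("camera_connect") or "")
        if at_least(cc, CC_FIXED):
            return "fixed"
        vlc = parse_version(row.get("bundled_vlc") or "")
    except ValueError:
        return "review"  # missing or odd data is never assumed safe
    # Assumption: anything below 3.0.20 still counts as exposed.
    return "vlc-patched" if at_least(vlc, VLC_FIXED) else "vulnerable"

def triage_inventory(csv_text):
    """Return {host: status} for a CSV with host, camera_connect, bundled_vlc columns."""
    return {r["host"]: triage(r) for r in csv.DictReader(io.StringIO(csv_text))}

# Constructed sample inventory (hosts and layout are made up for this example).
SAMPLE = """host,camera_connect,bundled_vlc
cam-ws-01,1.5.0.14,2.2.4
cam-ws-02,1.5.0.15,
cam-ws-03,1.5.0.9,3.0.20
cam-ws-04,1.5.0.14,3.0.8
cam-ws-05,1.5.0.14,unknown
"""

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts that come back as `review` need a manual check of the installed components rather than being counted as patched.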

Critical Infrastructure Sectors:
- Chemical
- Commercial Facilities
- Communications
- Critical Manufacturing
- Energy
- Transportation Systems

Deployment Locations: Worldwide


## Conclusion
The discovery of 19 critical vulnerabilities in ABB Ability Camera Connect underscores the risks posed by outdated third-party components in critical infrastructure. While air-gapped deployments mitigate some risks, the potential for local exploitation—via malicious media files or insider threats—remains a serious concern. Organizations must prioritize updates to version 1.5.0.15 or apply VLC patches independently to prevent RCE, DoS, or privilege escalation attacks.

For sectors like energy and transportation, where operational continuity is paramount, proactive patching and strict media controls are essential to maintaining security and compliance. ABB’s advisory serves as a reminder that even isolated systems require vigilant vulnerability management to safeguard against evolving threats.

