ICSA-23-285-14 · Published 2023-10-12
Hikvision Access Control and Intercom Products
CVSS 7.5 (HIGH)
Risk Summary
Successful exploitation of these vulnerabilities could result in an attacker hijacking a session and gaining device operation permissions, or result in an attacker modifying device network configuration by sending specific data packets to a vulnerable interface within the same local network.
CVEs (2)
Remediations
- Hikvision recommends users download patches/updates to mitigate these vulnerabilities. The upgrade can be downloaded from the Hikvision official website.
Affected Vendors
Hikvision
Affected Products (11)
- Hikvision DS-K1T804AXX: <=1.4.0_build221212
- Hikvision DS-K1T341AXX: <=3.2.30_build221223
- Hikvision DS-K1T671XXX: <=3.2.30_build221223
- Hikvision DS-K1T343XXX: <=3.14.0_build230117
- Hikvision DS-K1T341C: <=3.3.8_build230112
- Hikvision DS-K1T320XXX: <=3.5.0_build220706
- Hikvision DS-KH63 Series: <=2.2.8_build230219
- Hikvision DS-KH85 Series: <=2.2.8_build230219
- Hikvision DS-KH62 Series: <=1.4.62_build220414
- Hikvision DS-KH9310-WTE1(B): <=2.1.76_build230204
- Hikvision DS-KH9510-WTE1(B): <=2.1.76_build230204
Affected Sectors
Commercial Facilities, Government Facilities