The updates can be obtained with a customer account at the following location (login required): Honeywell has released firmware update packages for all affected products. Ismail Bulbil reported this vulnerability to CISA. COMPANY HEADQUARTERS LOCATION: United States.CRITICAL INFRASTRUCTURE SECTORS: Commercial Facilities, Critical Manufacturing, Energy, Healthcare and Public Health.A CVSS v3 base score of 5.3 has been calculated the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). The integrated web server of the affected devices could allow remote attackers to obtain web configuration data in JSON format for IP cameras and NVRs (Network Video Recorders), which can be accessed without authentication over the network.ĬVE-2019-13523 has been assigned to this vulnerability. The following versions of Honeywell Performance IP Series cameras and Performance Series NVRs are affected:ģ.2 VULNERABILITY OVERVIEW 2.2.1 INFORMATION EXPOSURE CWE-200 Successful exploitation of this vulnerability could allow an attacker to view device configuration information. Equipment: Performance IP Cameras and Performance NVRs.ATTENTION: Exploitable remotely/low skill level to exploit.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |