Search criteria
6 vulnerabilities found for h2w4per3_firmware by honeywell
CVE-2019-18228 (GCVE-0-2019-18228)
Vulnerability from nvd – Published: 2019-10-31 21:09 – Updated: 2024-08-05 01:47
VLAI?
Summary
Honeywell equIP series IP cameras Multiple equIP Series Cameras, A vulnerability exists in the affected products where a specially crafted HTTP packet request could result in a denial of service.
Severity ?
No CVSS data available.
CWE
- CWE-20 - IMPROPER INPUT VALIDATION CWE-20
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Honeywell equIP series IP cameras |
Affected:
H4L2GR1 prior to 2.420.HW01.33.20190812, HBL2GR1 prior to 2.420.HW01.33.20190812, HCL2G prior to 2.420.HW01.33.20190812, H4W2GR1 prior to 1.000.HW00.21.20190812, H4W2GR2 prior to 1.000.HW00.21.20190812, H4W4GR1 prior to 1.000.HW00.21.20190812, H3W2GR1 prior to 1.000.HW00.21.20190812, H3W2GR2 prior to 1.000.HW00.21.20190812, H3W4GR1 prior to 1.000.HW00.21.20190812, HBW2GR1 prior to 1.000.HW00.21.20190812, HBW4GR1 prior to 1.000.HW00.21.20190812, HBW2GR3 prior to 1.000.HW00.21.20190812, HCW2G prior to 1.000.HW00.21.20190812, HCW4G prior to 1.000.HW00.21.20190812
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:47:14.023Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-304-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Honeywell equIP series IP cameras",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "H4L2GR1 prior to 2.420.HW01.33.20190812, HBL2GR1 prior to 2.420.HW01.33.20190812, HCL2G prior to 2.420.HW01.33.20190812, H4W2GR1 prior to 1.000.HW00.21.20190812, H4W2GR2 prior to 1.000.HW00.21.20190812, H4W4GR1 prior to 1.000.HW00.21.20190812, H3W2GR1 prior to 1.000.HW00.21.20190812, H3W2GR2 prior to 1.000.HW00.21.20190812, H3W4GR1 prior to 1.000.HW00.21.20190812, HBW2GR1 prior to 1.000.HW00.21.20190812, HBW4GR1 prior to 1.000.HW00.21.20190812, HBW2GR3 prior to 1.000.HW00.21.20190812, HCW2G prior to 1.000.HW00.21.20190812, HCW4G prior to 1.000.HW00.21.20190812"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Honeywell equIP series IP cameras Multiple equIP Series Cameras, A vulnerability exists in the affected products where a specially crafted HTTP packet request could result in a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "IMPROPER INPUT VALIDATION CWE-20",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-31T21:09:16",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-304-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2019-18228",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Honeywell equIP series IP cameras",
"version": {
"version_data": [
{
"version_value": "H4L2GR1 prior to 2.420.HW01.33.20190812, HBL2GR1 prior to 2.420.HW01.33.20190812, HCL2G prior to 2.420.HW01.33.20190812, H4W2GR1 prior to 1.000.HW00.21.20190812, H4W2GR2 prior to 1.000.HW00.21.20190812, H4W4GR1 prior to 1.000.HW00.21.20190812, H3W2GR1 prior to 1.000.HW00.21.20190812, H3W2GR2 prior to 1.000.HW00.21.20190812, H3W4GR1 prior to 1.000.HW00.21.20190812, HBW2GR1 prior to 1.000.HW00.21.20190812, HBW4GR1 prior to 1.000.HW00.21.20190812, HBW2GR3 prior to 1.000.HW00.21.20190812, HCW2G prior to 1.000.HW00.21.20190812, HCW4G prior to 1.000.HW00.21.20190812"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Honeywell equIP series IP cameras Multiple equIP Series Cameras, A vulnerability exists in the affected products where a specially crafted HTTP packet request could result in a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER INPUT VALIDATION CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-19-304-02",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-304-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2019-18228",
"datePublished": "2019-10-31T21:09:16",
"dateReserved": "2019-10-22T00:00:00",
"dateUpdated": "2024-08-05T01:47:14.023Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-18226 (GCVE-0-2019-18226)
Vulnerability from nvd – Published: 2019-10-31 21:21 – Updated: 2024-08-05 01:47
VLAI?
Summary
Honeywell equIP series and Performance series IP cameras and recorders, A vulnerability exists in the affected products where IP cameras and recorders have a potential replay attack vulnerability as a weak authentication method is retained for compatibility with legacy products.
Severity ?
No CVSS data available.
CWE
- CWE-294 - AUTHENTICATION BYPASS BY CAPTURE-REPLAY CWE-294
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Honeywell equIP series cameras, Honeywell Performance series IP cameras, Honeywell recorders |
Affected:
H2W2GR1 1.000.0000.19.20190819, H3W2GR1 1.000.HW00.21.20190812, H3W2GR1V 1.000.0000.19.20190819, H3W2GR2 1.000.HW00.21.20190812, H3W4GR1 1.000.HW00.21.20190812, H3W4GR1V 1.000.0000.19.20190819, H4D8GR1 2.420.HW00.12.20190819, H4L2GR1 2.420.HW01.33.20190812, H4L2GR1V 1.000.0000.19.20190819, H4L6GR2 1.000.HW02.8.20190813, H4W2GR1 1.000.HW00.21.20190812, H4W2GR1V 1.000.0000.19.20190819, H4W2GR2 1.000.HW00.21.20190812, H4W4GR1 1.000.HW00.21.20190812, H4W4GR1V 1.000.0000.19.20190819, HBD8GR1 2.420.HW00.12.20190819, HBL2GR1 2.420.HW01.33.20190812, HBL2GR1V 1.000.0000.19.20190819, HBL6GR2 1.000.HW02.8.20190813, HBW2GR1 1.000.HW00.21.20190812, HBW2GR1V 1.000.0000.19.20190819, HBW2GR3 1.000.HW00.21.20190812, HBW2GR3V 1.000.0000.19.20190819, HBW4GR1 1.000.HW00.21.20190812, HBW4GR1V 1.000.0000.19.20190819, HCD8G 2.420.HW00.12.20190819, HCL2G 2.420.HW01.33.20190812, HCL2GV 1.000.0000.19.20190819, HCPB302 1.000.0040.3.20190820, HCW2G 1.000.HW00.21.20190812, HCW2GV 1.000.0000.19.20190819, HCW4G 1.000.HW00.2 ...[truncated*]
Affected: H2W2PC1M 1.000.HW01.3.20190820, H2W2PER3 1.000.HW01.3.20190820, H2W2PRV3 1.000.HW01.1.190813, H2W4PER3 1.000.HW01.3.20190820, H2W4PRV3 1.000.HW01.1.190813, H4D3PRV2 1.000.HW01.1.190814, H4D3PRV3 1.000.HW01.1.190814, H4D8PR1 1.000.HW01.3.20190820, H4W2PER2 1.000.HW01.3.20190820, H4W2PER3 1.000.HW01.3.20190820, H4W2PRV2 1.000.HW01.1.190814, H4W4PER2 1.000.HW01.3.20190820, H4W4PER3 1.000.HW01.3.20190820, H4W4PRV2 1.000.HW01.1.190814, H4W4PRV3 1.000.HW01.1.190813, H4W8PR2 1.000.HW01.3.20190820, HBD2PER1 1.000.HW01.3.20190820, HBD3PR1 1.000.HW01.1.190814, HBD3PR2 1.000.HW01.1.190814, HBD8PR1 1.000.HW01.3.20190820, HBW2PER1 1.000.HW01.3.20190820, HBW2PER2 1.000.HW01.3.20190820, HBW2PR1 1.000.HW01.1.190813, HBW2PR2 1.000.HW01.1.190814, HBW4PER1 1.000.HW01.3.20190820, HBW4PER2 1.000.HW01.3.20190820, HBW4PR1 1.000.HW01.1.190813, HBW4PR2 1.000.HW01.1.190814, HBW8PR2 1.000.HW01.3.20190820, HDZP252DI 1.000.HW02.4.20190813, HDZP304DI 1.000.HW10.5.20190812, HED2PER3 1.000.HW01.3.20190820, HED3PR3 1.000.HW01 ...[truncated*] Affected: HEN04102 2.000.HW00.0.R.20190823, HEN04112 2.000.HW00.0.R.20190823, HEN04122 2.000.HW00.0.R.20190823, HEN08102 2.000.HW00.0.R.20190823, HEN08112 2.000.HW00.0.R.20190823, HEN08122 2.000.HW00.0.R.20190823, HEN08142 2.000.HW00.0.R.20190823, HEN08162 2.000.HW00.0.R.20190823, HEN16102 2.000.HW00.0.R.20190823, HEN16122 2.000.HW00.0.R.20190823, HEN16142 2.000.HW00.0.R.20190823, HEN16162 2.000.HW00.0.R.20190823, HEN04103 3.215.00HW001.2.20190821, HEN04113 3.215.00HW001.2.20190821, HEN04123 3.215.00HW001.2.20190821, HEN08103 3.215.00HW001.2.20190821, HEN08113 3.215.00HW001.2.20190821, HEN08123 3.215.00HW001.2.20190821, HEN08143 3.215.00HW001.2.20190821, HEN16103 3.215.00HW001.2.20190821, HEN16123 3.215.00HW001.2.20190821, HEN16143 3.215.00HW001.2.20190821, HEN16163 3.215.00HW001.2.20190821, HEN04103L 3.215.00HW001.2.20190821, HEN08103L 3.215.00HW001.2.20190821, HEN16103L 3.215.00HW001.2.20190821, HEN32103L 3.215.00HW001.2.20190821, HEN08104 3.215.00HW002.2.20190829, HEN08144 3.215.00HW002.2.20190829, H ...[truncated*] |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:47:14.078Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-304-04"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Honeywell equIP series cameras, Honeywell Performance series IP cameras, Honeywell recorders",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "H2W2GR1 1.000.0000.19.20190819, H3W2GR1 1.000.HW00.21.20190812, H3W2GR1V 1.000.0000.19.20190819, H3W2GR2 1.000.HW00.21.20190812, H3W4GR1 1.000.HW00.21.20190812, H3W4GR1V 1.000.0000.19.20190819, H4D8GR1 2.420.HW00.12.20190819, H4L2GR1 2.420.HW01.33.20190812, H4L2GR1V 1.000.0000.19.20190819, H4L6GR2 1.000.HW02.8.20190813, H4W2GR1 1.000.HW00.21.20190812, H4W2GR1V 1.000.0000.19.20190819, H4W2GR2 1.000.HW00.21.20190812, H4W4GR1 1.000.HW00.21.20190812, H4W4GR1V 1.000.0000.19.20190819, HBD8GR1 2.420.HW00.12.20190819, HBL2GR1 2.420.HW01.33.20190812, HBL2GR1V 1.000.0000.19.20190819, HBL6GR2 1.000.HW02.8.20190813, HBW2GR1 1.000.HW00.21.20190812, HBW2GR1V 1.000.0000.19.20190819, HBW2GR3 1.000.HW00.21.20190812, HBW2GR3V 1.000.0000.19.20190819, HBW4GR1 1.000.HW00.21.20190812, HBW4GR1V 1.000.0000.19.20190819, HCD8G 2.420.HW00.12.20190819, HCL2G 2.420.HW01.33.20190812, HCL2GV 1.000.0000.19.20190819, HCPB302 1.000.0040.3.20190820, HCW2G 1.000.HW00.21.20190812, HCW2GV 1.000.0000.19.20190819, HCW4G 1.000.HW00.2 ...[truncated*]"
},
{
"status": "affected",
"version": "H2W2PC1M 1.000.HW01.3.20190820, H2W2PER3 1.000.HW01.3.20190820, H2W2PRV3 1.000.HW01.1.190813, H2W4PER3 1.000.HW01.3.20190820, H2W4PRV3 1.000.HW01.1.190813, H4D3PRV2 1.000.HW01.1.190814, H4D3PRV3 1.000.HW01.1.190814, H4D8PR1 1.000.HW01.3.20190820, H4W2PER2 1.000.HW01.3.20190820, H4W2PER3 1.000.HW01.3.20190820, H4W2PRV2 1.000.HW01.1.190814, H4W4PER2 1.000.HW01.3.20190820, H4W4PER3 1.000.HW01.3.20190820, H4W4PRV2 1.000.HW01.1.190814, H4W4PRV3 1.000.HW01.1.190813, H4W8PR2 1.000.HW01.3.20190820, HBD2PER1 1.000.HW01.3.20190820, HBD3PR1 1.000.HW01.1.190814, HBD3PR2 1.000.HW01.1.190814, HBD8PR1 1.000.HW01.3.20190820, HBW2PER1 1.000.HW01.3.20190820, HBW2PER2 1.000.HW01.3.20190820, HBW2PR1 1.000.HW01.1.190813, HBW2PR2 1.000.HW01.1.190814, HBW4PER1 1.000.HW01.3.20190820, HBW4PER2 1.000.HW01.3.20190820, HBW4PR1 1.000.HW01.1.190813, HBW4PR2 1.000.HW01.1.190814, HBW8PR2 1.000.HW01.3.20190820, HDZP252DI 1.000.HW02.4.20190813, HDZP304DI 1.000.HW10.5.20190812, HED2PER3 1.000.HW01.3.20190820, HED3PR3 1.000.HW01 ...[truncated*]"
},
{
"status": "affected",
"version": "HEN04102 2.000.HW00.0.R.20190823, HEN04112 2.000.HW00.0.R.20190823, HEN04122 2.000.HW00.0.R.20190823, HEN08102 2.000.HW00.0.R.20190823, HEN08112 2.000.HW00.0.R.20190823, HEN08122 2.000.HW00.0.R.20190823, HEN08142 2.000.HW00.0.R.20190823, HEN08162 2.000.HW00.0.R.20190823, HEN16102 2.000.HW00.0.R.20190823, HEN16122 2.000.HW00.0.R.20190823, HEN16142 2.000.HW00.0.R.20190823, HEN16162 2.000.HW00.0.R.20190823, HEN04103 3.215.00HW001.2.20190821, HEN04113 3.215.00HW001.2.20190821, HEN04123 3.215.00HW001.2.20190821, HEN08103 3.215.00HW001.2.20190821, HEN08113 3.215.00HW001.2.20190821, HEN08123 3.215.00HW001.2.20190821, HEN08143 3.215.00HW001.2.20190821, HEN16103 3.215.00HW001.2.20190821, HEN16123 3.215.00HW001.2.20190821, HEN16143 3.215.00HW001.2.20190821, HEN16163 3.215.00HW001.2.20190821, HEN04103L 3.215.00HW001.2.20190821, HEN08103L 3.215.00HW001.2.20190821, HEN16103L 3.215.00HW001.2.20190821, HEN32103L 3.215.00HW001.2.20190821, HEN08104 3.215.00HW002.2.20190829, HEN08144 3.215.00HW002.2.20190829, H ...[truncated*]"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Honeywell equIP series and Performance series IP cameras and recorders, A vulnerability exists in the affected products where IP cameras and recorders have a potential replay attack vulnerability as a weak authentication method is retained for compatibility with legacy products."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-294",
"description": "AUTHENTICATION BYPASS BY CAPTURE-REPLAY CWE-294",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-31T21:21:04",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-304-04"
}
],
"x_ConverterErrors": {
"version_name": {
"error": "version_name too long. Use array of versions to record more than one version.",
"message": "Truncated!"
}
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2019-18226",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Honeywell equIP series cameras, Honeywell Performance series IP cameras, Honeywell recorders",
"version": {
"version_data": [
{
"version_value": "H2W2GR1 1.000.0000.19.20190819, H3W2GR1 1.000.HW00.21.20190812, H3W2GR1V 1.000.0000.19.20190819, H3W2GR2 1.000.HW00.21.20190812, H3W4GR1 1.000.HW00.21.20190812, H3W4GR1V 1.000.0000.19.20190819, H4D8GR1 2.420.HW00.12.20190819, H4L2GR1 2.420.HW01.33.20190812, H4L2GR1V 1.000.0000.19.20190819, H4L6GR2 1.000.HW02.8.20190813, H4W2GR1 1.000.HW00.21.20190812, H4W2GR1V 1.000.0000.19.20190819, H4W2GR2 1.000.HW00.21.20190812, H4W4GR1 1.000.HW00.21.20190812, H4W4GR1V 1.000.0000.19.20190819, HBD8GR1 2.420.HW00.12.20190819, HBL2GR1 2.420.HW01.33.20190812, HBL2GR1V 1.000.0000.19.20190819, HBL6GR2 1.000.HW02.8.20190813, HBW2GR1 1.000.HW00.21.20190812, HBW2GR1V 1.000.0000.19.20190819, HBW2GR3 1.000.HW00.21.20190812, HBW2GR3V 1.000.0000.19.20190819, HBW4GR1 1.000.HW00.21.20190812, HBW4GR1V 1.000.0000.19.20190819, HCD8G 2.420.HW00.12.20190819, HCL2G 2.420.HW01.33.20190812, HCL2GV 1.000.0000.19.20190819, HCPB302 1.000.0040.3.20190820, HCW2G 1.000.HW00.21.20190812, HCW2GV 1.000.0000.19.20190819, HCW4G 1.000.HW00.21.20190812, HDZ302D 1.000.0043.6.20190820, HDZ302DE 1.000.0043.6.20190820, HDZ302DIN 1.000.0043.6.20190820, HDZ302DIN-C1 1.000.0043.6.20190820, HDZ302DIN-S1 1.000.0043.6.20190820, HDZ302LIK 1.000.0062.3.20190816, HDZ302LIW 1.000.0062.3.20190816, HEPB302W01A04 1.000.0040.3.20190820, HEPB302W01A10 1.000.0040.3.20190820, HEPZ302W0 1.000.0039.3.20190820, HFD6GR1 1.000.HW00.12.20190819, HFD8GR1 1.000.HW00.12.20190819, HM4L8GR1 1.000.HW02.8.20190813, HMBL8GR1 1.000.HW02.8.20190813, HSW2G1 2.460.HW00.5.R.20190827, HSW2G1 2.460.HW00.5.R.20190827, HSWB2G1 2.460.HW00.5.R.20190827, HSWB2G1 2.460.HW00.5.R.20190827"
},
{
"version_value": "H2W2PC1M 1.000.HW01.3.20190820, H2W2PER3 1.000.HW01.3.20190820, H2W2PRV3 1.000.HW01.1.190813, H2W4PER3 1.000.HW01.3.20190820, H2W4PRV3 1.000.HW01.1.190813, H4D3PRV2 1.000.HW01.1.190814, H4D3PRV3 1.000.HW01.1.190814, H4D8PR1 1.000.HW01.3.20190820, H4W2PER2 1.000.HW01.3.20190820, H4W2PER3 1.000.HW01.3.20190820, H4W2PRV2 1.000.HW01.1.190814, H4W4PER2 1.000.HW01.3.20190820, H4W4PER3 1.000.HW01.3.20190820, H4W4PRV2 1.000.HW01.1.190814, H4W4PRV3 1.000.HW01.1.190813, H4W8PR2 1.000.HW01.3.20190820, HBD2PER1 1.000.HW01.3.20190820, HBD3PR1 1.000.HW01.1.190814, HBD3PR2 1.000.HW01.1.190814, HBD8PR1 1.000.HW01.3.20190820, HBW2PER1 1.000.HW01.3.20190820, HBW2PER2 1.000.HW01.3.20190820, HBW2PR1 1.000.HW01.1.190813, HBW2PR2 1.000.HW01.1.190814, HBW4PER1 1.000.HW01.3.20190820, HBW4PER2 1.000.HW01.3.20190820, HBW4PR1 1.000.HW01.1.190813, HBW4PR2 1.000.HW01.1.190814, HBW8PR2 1.000.HW01.3.20190820, HDZP252DI 1.000.HW02.4.20190813, HDZP304DI 1.000.HW10.5.20190812, HED2PER3 1.000.HW01.3.20190820, HED3PR3 1.000.HW01.1.190814, HED8PR1 1.000.HW01.3.20190820, HEW2PER2 1.000.HW01.3.20190820, HEW2PER3 1.000.HW01.3.20190820, HEW2PR1 1.000.HW01.1.190813, HEW2PR2 1.000.HW01.1.190814, HEW2PRW1 1.000.HW01.1.190813, HEW4PER2 1.000.HW01.3.20190820, HEW4PER2B 1.000.HW01.3.20190820, HEW4PER3 1.000.HW01.3.20190820, HEW4PER3B 1.000.HW01.3.20190820, HEW4PR2 1.000.HW01.1.190814, HEW4PR3 1.000.HW01.1.190813, HEW4PRW3 1.000.HW01.1.190813, HFD5PR1 1.000.HW01.1.20190822, HPW2P1 1.000.HW01.3.20190820"
},
{
"version_value": "HEN04102 2.000.HW00.0.R.20190823, HEN04112 2.000.HW00.0.R.20190823, HEN04122 2.000.HW00.0.R.20190823, HEN08102 2.000.HW00.0.R.20190823, HEN08112 2.000.HW00.0.R.20190823, HEN08122 2.000.HW00.0.R.20190823, HEN08142 2.000.HW00.0.R.20190823, HEN08162 2.000.HW00.0.R.20190823, HEN16102 2.000.HW00.0.R.20190823, HEN16122 2.000.HW00.0.R.20190823, HEN16142 2.000.HW00.0.R.20190823, HEN16162 2.000.HW00.0.R.20190823, HEN04103 3.215.00HW001.2.20190821, HEN04113 3.215.00HW001.2.20190821, HEN04123 3.215.00HW001.2.20190821, HEN08103 3.215.00HW001.2.20190821, HEN08113 3.215.00HW001.2.20190821, HEN08123 3.215.00HW001.2.20190821, HEN08143 3.215.00HW001.2.20190821, HEN16103 3.215.00HW001.2.20190821, HEN16123 3.215.00HW001.2.20190821, HEN16143 3.215.00HW001.2.20190821, HEN16163 3.215.00HW001.2.20190821, HEN04103L 3.215.00HW001.2.20190821, HEN08103L 3.215.00HW001.2.20190821, HEN16103L 3.215.00HW001.2.20190821, HEN32103L 3.215.00HW001.2.20190821, HEN08104 3.215.00HW002.2.20190829, HEN08144 3.215.00HW002.2.20190829, HEN081124 3.215.00HW002.2.20190829, HEN16104 3.215.00HW002.2.20190829, HEN16144 3.215.00HW002.2.20190829, HEN16184 3.215.00HW002.2.20190829, HEN32104 3.215.00HW002.2.20190829, HEN321124 3.215.00HW002.2.20190829, HEN16204 3.215.00HW002.2.20190829, HEN16284 3.215.00HW002.2.20190829, HEN162244 3.215.00HW002.2.20190829, HEN32204 3.215.00HW002.2.20190829, HEN32284 3.215.00HW002.2.20190829, HEN322164 3.215.00HW002.2.20190829, HEN64204 3.215.00HW002.2.20190829, HEN642164 3.215.00HW002.2.20190829, HEN16304 3.215.00HW002.2.20190829, HEN16384 3.215.00HW002.2.20190829, HEN32304 3.215.00HW002.2.20190829, HEN32384 3.215.00HW002.2.20190829, HEN323164 3.215.00HW002.2.20190829, HEN64304 3.215.00HW002.2.20190829, HEN643164 3.215.00HW002.2.20190829, HEN643324 3.215.00HW002.2.20190829, HEN643484 3.215.00HW002.2.20190829, HRHT4040 1.000.00HW001.2.190822, HRHT4041 1.000.00HW001.2.190822, HRHT4042 1.000.00HW001.2.190822, HRHT4080 1.000.00HW001.2.190822, HRHT4082 1.000.00HW001.2.190822, HRHT4084 1.000.00HW001.2.190822, HRHT4160 1.000.00HW001.2.190822, HRHT4162 1.000.00HW001.2.190822, HRHT4164 1.000.00HW001.2.190822, HRHT4166 1.000.00HW001.2.190822, HRHT41612 1.000.00HW001.2.190822, HRHQ1040 1.000.00HW001.1.190822, HRHQ1040L 1.000.00HW001.1.190822, HRHQ1041 1.000.00HW001.1.190822, HRHQ1080 1.000.00HW001.1.190822, HRHQ1080L 1.000.00HW001.1.190822, HRHQ1081 1.000.00HW001.1.190822, HRHQ1082 1.000.00HW001.1.190822, HRHQ1160 1.000.00HW001.1.190822, HRHQ1161 1.000.00HW001.1.190822, HRHQ1162 1.000.00HW001.1.190822, HRHQ1164 1.000.00HW001.1.190822"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Honeywell equIP series and Performance series IP cameras and recorders, A vulnerability exists in the affected products where IP cameras and recorders have a potential replay attack vulnerability as a weak authentication method is retained for compatibility with legacy products."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "AUTHENTICATION BYPASS BY CAPTURE-REPLAY CWE-294"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-19-304-04",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-304-04"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2019-18226",
"datePublished": "2019-10-31T21:21:04",
"dateReserved": "2019-10-22T00:00:00",
"dateUpdated": "2024-08-05T01:47:14.078Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13523 (GCVE-0-2019-13523)
Vulnerability from nvd – Published: 2019-09-26 14:22 – Updated: 2024-08-04 23:57
VLAI?
Summary
In Honeywell Performance IP Cameras and Performance NVRs, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data in JSON format for IP cameras and NVRs (Network Video Recorders), which can be accessed without authentication over the network. Affected performance IP Cameras: HBD3PR2,H4D3PRV3,HED3PR3,H4D3PRV2,HBD3PR1,H4W8PR2,HBW8PR2,H2W2PC1M,H2W4PER3,H2W2PER3,HEW2PER3,HEW4PER3B,HBW2PER1,HEW4PER2,HEW4PER2B,HEW2PER2,H4W2PER2,HBW2PER2,H4W2PER3, and HPW2P1. Affected Performance Series NVRs: HEN08104,HEN08144,HEN081124,HEN16104,HEN16144,HEN16184,HEN16204,HEN162244,HEN16284,HEN16304,HEN16384,HEN32104,HEN321124,HEN32204,HEN32284,HEN322164,HEN32304, HEN32384,HEN323164,HEN64204,HEN64304,HEN643164,HEN643324,HEN643484,HEN04103,HEN04113,HEN04123,HEN08103,HEN08113,HEN08123,HEN08143,HEN16103,HEN16123,HEN16143,HEN16163,HEN04103L,HEN08103L,HEN16103L,HEN32103L.
Severity ?
No CVSS data available.
CWE
- CWE-200 - INFORMATION EXPOSURE CWE-200
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Honeywell | Performance IP Cameras |
Affected:
HBD3PR2
Affected: H4D3PRV3 Affected: HED3PR3 Affected: H4D3PRV2 Affected: HBD3PR1 Affected: H4W8PR2 Affected: HBW8PR2 Affected: H2W2PC1M Affected: H2W4PER3 Affected: H2W2PER3 Affected: HEW2PER3 Affected: HEW4PER3B Affected: HBW2PER1 Affected: HEW4PER2 Affected: HEW4PER2B Affected: HEW2PER2 Affected: H4W2PER2 Affected: HBW2PER2 Affected: H4W2PER3 Affected: HPW2P1 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:57:39.391Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-260-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Performance IP Cameras",
"vendor": "Honeywell",
"versions": [
{
"status": "affected",
"version": "HBD3PR2"
},
{
"status": "affected",
"version": "H4D3PRV3"
},
{
"status": "affected",
"version": "HED3PR3"
},
{
"status": "affected",
"version": "H4D3PRV2"
},
{
"status": "affected",
"version": "HBD3PR1"
},
{
"status": "affected",
"version": "H4W8PR2"
},
{
"status": "affected",
"version": "HBW8PR2"
},
{
"status": "affected",
"version": "H2W2PC1M"
},
{
"status": "affected",
"version": "H2W4PER3"
},
{
"status": "affected",
"version": "H2W2PER3"
},
{
"status": "affected",
"version": "HEW2PER3"
},
{
"status": "affected",
"version": "HEW4PER3B"
},
{
"status": "affected",
"version": "HBW2PER1"
},
{
"status": "affected",
"version": "HEW4PER2"
},
{
"status": "affected",
"version": "HEW4PER2B"
},
{
"status": "affected",
"version": "HEW2PER2"
},
{
"status": "affected",
"version": "H4W2PER2"
},
{
"status": "affected",
"version": "HBW2PER2"
},
{
"status": "affected",
"version": "H4W2PER3"
},
{
"status": "affected",
"version": "HPW2P1"
}
]
},
{
"product": "Performance NVRs",
"vendor": "Honeywell",
"versions": [
{
"status": "affected",
"version": "HEN08104"
},
{
"status": "affected",
"version": "HEN08144"
},
{
"status": "affected",
"version": "HEN081124"
},
{
"status": "affected",
"version": "HEN16104"
},
{
"status": "affected",
"version": "HEN16144"
},
{
"status": "affected",
"version": "HEN16184"
},
{
"status": "affected",
"version": "HEN16204"
},
{
"status": "affected",
"version": "HEN162244"
},
{
"status": "affected",
"version": "HEN16284"
},
{
"status": "affected",
"version": "HEN16304"
},
{
"status": "affected",
"version": "HEN16384"
},
{
"status": "affected",
"version": "HEN32104"
},
{
"status": "affected",
"version": "HEN321124"
},
{
"status": "affected",
"version": "HEN32204"
},
{
"status": "affected",
"version": "HEN32284"
},
{
"status": "affected",
"version": "HEN322164"
},
{
"status": "affected",
"version": "HEN32304"
},
{
"status": "affected",
"version": "HEN32384"
},
{
"status": "affected",
"version": "HEN323164"
},
{
"status": "affected",
"version": "HEN64204"
},
{
"status": "affected",
"version": "HEN64304"
},
{
"status": "affected",
"version": "HEN643164"
},
{
"status": "affected",
"version": "HEN643324"
},
{
"status": "affected",
"version": "HEN643484"
},
{
"status": "affected",
"version": "HEN04103"
},
{
"status": "affected",
"version": "HEN04113"
},
{
"status": "affected",
"version": "HEN04123"
},
{
"status": "affected",
"version": "HEN08103"
},
{
"status": "affected",
"version": "HEN08113"
},
{
"status": "affected",
"version": "HEN08123"
},
{
"status": "affected",
"version": "HEN08143"
},
{
"status": "affected",
"version": "HEN16103"
},
{
"status": "affected",
"version": "HEN16123"
},
{
"status": "affected",
"version": "HEN16143"
},
{
"status": "affected",
"version": "HEN16163"
},
{
"status": "affected",
"version": "HEN04103L"
},
{
"status": "affected",
"version": "HEN08103L"
},
{
"status": "affected",
"version": "HEN16103L"
},
{
"status": "affected",
"version": "HEN32103L"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Honeywell Performance IP Cameras and Performance NVRs, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data in JSON format for IP cameras and NVRs (Network Video Recorders), which can be accessed without authentication over the network. Affected performance IP Cameras: HBD3PR2,H4D3PRV3,HED3PR3,H4D3PRV2,HBD3PR1,H4W8PR2,HBW8PR2,H2W2PC1M,H2W4PER3,H2W2PER3,HEW2PER3,HEW4PER3B,HBW2PER1,HEW4PER2,HEW4PER2B,HEW2PER2,H4W2PER2,HBW2PER2,H4W2PER3, and HPW2P1. Affected Performance Series NVRs: HEN08104,HEN08144,HEN081124,HEN16104,HEN16144,HEN16184,HEN16204,HEN162244,HEN16284,HEN16304,HEN16384,HEN32104,HEN321124,HEN32204,HEN32284,HEN322164,HEN32304, HEN32384,HEN323164,HEN64204,HEN64304,HEN643164,HEN643324,HEN643484,HEN04103,HEN04113,HEN04123,HEN08103,HEN08113,HEN08123,HEN08143,HEN16103,HEN16123,HEN16143,HEN16163,HEN04103L,HEN08103L,HEN16103L,HEN32103L."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "INFORMATION EXPOSURE CWE-200",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-26T14:22:59",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-260-03"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2019-13523",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Performance IP Cameras",
"version": {
"version_data": [
{
"version_value": "HBD3PR2"
},
{
"version_value": "H4D3PRV3"
},
{
"version_value": "HED3PR3"
},
{
"version_value": "H4D3PRV2"
},
{
"version_value": "HBD3PR1"
},
{
"version_value": "H4W8PR2"
},
{
"version_value": "HBW8PR2"
},
{
"version_value": "H2W2PC1M"
},
{
"version_value": "H2W4PER3"
},
{
"version_value": "H2W2PER3"
},
{
"version_value": "HEW2PER3"
},
{
"version_value": "HEW4PER3B"
},
{
"version_value": "HBW2PER1"
},
{
"version_value": "HEW4PER2"
},
{
"version_value": "HEW4PER2B"
},
{
"version_value": "HEW2PER2"
},
{
"version_value": "H4W2PER2"
},
{
"version_value": "HBW2PER2"
},
{
"version_value": "H4W2PER3"
},
{
"version_value": "HPW2P1"
}
]
}
},
{
"product_name": "Performance NVRs",
"version": {
"version_data": [
{
"version_value": "HEN08104"
},
{
"version_value": "HEN08144"
},
{
"version_value": "HEN081124"
},
{
"version_value": "HEN16104"
},
{
"version_value": "HEN16144"
},
{
"version_value": "HEN16184"
},
{
"version_value": "HEN16204"
},
{
"version_value": "HEN162244"
},
{
"version_value": "HEN16284"
},
{
"version_value": "HEN16304"
},
{
"version_value": "HEN16384"
},
{
"version_value": "HEN32104"
},
{
"version_value": "HEN321124"
},
{
"version_value": "HEN32204"
},
{
"version_value": "HEN32284"
},
{
"version_value": "HEN322164"
},
{
"version_value": "HEN32304"
},
{
"version_value": "HEN32384"
},
{
"version_value": "HEN323164"
},
{
"version_value": "HEN64204"
},
{
"version_value": "HEN64304"
},
{
"version_value": "HEN643164"
},
{
"version_value": "HEN643324"
},
{
"version_value": "HEN643484"
},
{
"version_value": "HEN04103"
},
{
"version_value": "HEN04113"
},
{
"version_value": "HEN04123"
},
{
"version_value": "HEN08103"
},
{
"version_value": "HEN08113"
},
{
"version_value": "HEN08123"
},
{
"version_value": "HEN08143"
},
{
"version_value": "HEN16103"
},
{
"version_value": "HEN16123"
},
{
"version_value": "HEN16143"
},
{
"version_value": "HEN16163"
},
{
"version_value": "HEN04103L"
},
{
"version_value": "HEN08103L"
},
{
"version_value": "HEN16103L"
},
{
"version_value": "HEN32103L"
}
]
}
}
]
},
"vendor_name": "Honeywell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Honeywell Performance IP Cameras and Performance NVRs, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data in JSON format for IP cameras and NVRs (Network Video Recorders), which can be accessed without authentication over the network. Affected performance IP Cameras: HBD3PR2,H4D3PRV3,HED3PR3,H4D3PRV2,HBD3PR1,H4W8PR2,HBW8PR2,H2W2PC1M,H2W4PER3,H2W2PER3,HEW2PER3,HEW4PER3B,HBW2PER1,HEW4PER2,HEW4PER2B,HEW2PER2,H4W2PER2,HBW2PER2,H4W2PER3, and HPW2P1. Affected Performance Series NVRs: HEN08104,HEN08144,HEN081124,HEN16104,HEN16144,HEN16184,HEN16204,HEN162244,HEN16284,HEN16304,HEN16384,HEN32104,HEN321124,HEN32204,HEN32284,HEN322164,HEN32304, HEN32384,HEN323164,HEN64204,HEN64304,HEN643164,HEN643324,HEN643484,HEN04103,HEN04113,HEN04123,HEN08103,HEN08113,HEN08123,HEN08143,HEN16103,HEN16123,HEN16143,HEN16163,HEN04103L,HEN08103L,HEN16103L,HEN32103L."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "INFORMATION EXPOSURE CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-19-260-03",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-260-03"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2019-13523",
"datePublished": "2019-09-26T14:22:59",
"dateReserved": "2019-07-11T00:00:00",
"dateUpdated": "2024-08-04T23:57:39.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-18226 (GCVE-0-2019-18226)
Vulnerability from cvelistv5 – Published: 2019-10-31 21:21 – Updated: 2024-08-05 01:47
VLAI?
Summary
Honeywell equIP series and Performance series IP cameras and recorders, A vulnerability exists in the affected products where IP cameras and recorders have a potential replay attack vulnerability as a weak authentication method is retained for compatibility with legacy products.
Severity ?
No CVSS data available.
CWE
- CWE-294 - AUTHENTICATION BYPASS BY CAPTURE-REPLAY CWE-294
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Honeywell equIP series cameras, Honeywell Performance series IP cameras, Honeywell recorders |
Affected:
H2W2GR1 1.000.0000.19.20190819, H3W2GR1 1.000.HW00.21.20190812, H3W2GR1V 1.000.0000.19.20190819, H3W2GR2 1.000.HW00.21.20190812, H3W4GR1 1.000.HW00.21.20190812, H3W4GR1V 1.000.0000.19.20190819, H4D8GR1 2.420.HW00.12.20190819, H4L2GR1 2.420.HW01.33.20190812, H4L2GR1V 1.000.0000.19.20190819, H4L6GR2 1.000.HW02.8.20190813, H4W2GR1 1.000.HW00.21.20190812, H4W2GR1V 1.000.0000.19.20190819, H4W2GR2 1.000.HW00.21.20190812, H4W4GR1 1.000.HW00.21.20190812, H4W4GR1V 1.000.0000.19.20190819, HBD8GR1 2.420.HW00.12.20190819, HBL2GR1 2.420.HW01.33.20190812, HBL2GR1V 1.000.0000.19.20190819, HBL6GR2 1.000.HW02.8.20190813, HBW2GR1 1.000.HW00.21.20190812, HBW2GR1V 1.000.0000.19.20190819, HBW2GR3 1.000.HW00.21.20190812, HBW2GR3V 1.000.0000.19.20190819, HBW4GR1 1.000.HW00.21.20190812, HBW4GR1V 1.000.0000.19.20190819, HCD8G 2.420.HW00.12.20190819, HCL2G 2.420.HW01.33.20190812, HCL2GV 1.000.0000.19.20190819, HCPB302 1.000.0040.3.20190820, HCW2G 1.000.HW00.21.20190812, HCW2GV 1.000.0000.19.20190819, HCW4G 1.000.HW00.2 ...[truncated*]
Affected: H2W2PC1M 1.000.HW01.3.20190820, H2W2PER3 1.000.HW01.3.20190820, H2W2PRV3 1.000.HW01.1.190813, H2W4PER3 1.000.HW01.3.20190820, H2W4PRV3 1.000.HW01.1.190813, H4D3PRV2 1.000.HW01.1.190814, H4D3PRV3 1.000.HW01.1.190814, H4D8PR1 1.000.HW01.3.20190820, H4W2PER2 1.000.HW01.3.20190820, H4W2PER3 1.000.HW01.3.20190820, H4W2PRV2 1.000.HW01.1.190814, H4W4PER2 1.000.HW01.3.20190820, H4W4PER3 1.000.HW01.3.20190820, H4W4PRV2 1.000.HW01.1.190814, H4W4PRV3 1.000.HW01.1.190813, H4W8PR2 1.000.HW01.3.20190820, HBD2PER1 1.000.HW01.3.20190820, HBD3PR1 1.000.HW01.1.190814, HBD3PR2 1.000.HW01.1.190814, HBD8PR1 1.000.HW01.3.20190820, HBW2PER1 1.000.HW01.3.20190820, HBW2PER2 1.000.HW01.3.20190820, HBW2PR1 1.000.HW01.1.190813, HBW2PR2 1.000.HW01.1.190814, HBW4PER1 1.000.HW01.3.20190820, HBW4PER2 1.000.HW01.3.20190820, HBW4PR1 1.000.HW01.1.190813, HBW4PR2 1.000.HW01.1.190814, HBW8PR2 1.000.HW01.3.20190820, HDZP252DI 1.000.HW02.4.20190813, HDZP304DI 1.000.HW10.5.20190812, HED2PER3 1.000.HW01.3.20190820, HED3PR3 1.000.HW01 ...[truncated*] Affected: HEN04102 2.000.HW00.0.R.20190823, HEN04112 2.000.HW00.0.R.20190823, HEN04122 2.000.HW00.0.R.20190823, HEN08102 2.000.HW00.0.R.20190823, HEN08112 2.000.HW00.0.R.20190823, HEN08122 2.000.HW00.0.R.20190823, HEN08142 2.000.HW00.0.R.20190823, HEN08162 2.000.HW00.0.R.20190823, HEN16102 2.000.HW00.0.R.20190823, HEN16122 2.000.HW00.0.R.20190823, HEN16142 2.000.HW00.0.R.20190823, HEN16162 2.000.HW00.0.R.20190823, HEN04103 3.215.00HW001.2.20190821, HEN04113 3.215.00HW001.2.20190821, HEN04123 3.215.00HW001.2.20190821, HEN08103 3.215.00HW001.2.20190821, HEN08113 3.215.00HW001.2.20190821, HEN08123 3.215.00HW001.2.20190821, HEN08143 3.215.00HW001.2.20190821, HEN16103 3.215.00HW001.2.20190821, HEN16123 3.215.00HW001.2.20190821, HEN16143 3.215.00HW001.2.20190821, HEN16163 3.215.00HW001.2.20190821, HEN04103L 3.215.00HW001.2.20190821, HEN08103L 3.215.00HW001.2.20190821, HEN16103L 3.215.00HW001.2.20190821, HEN32103L 3.215.00HW001.2.20190821, HEN08104 3.215.00HW002.2.20190829, HEN08144 3.215.00HW002.2.20190829, H ...[truncated*] |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:47:14.078Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-304-04"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Honeywell equIP series cameras, Honeywell Performance series IP cameras, Honeywell recorders",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "H2W2GR1 1.000.0000.19.20190819, H3W2GR1 1.000.HW00.21.20190812, H3W2GR1V 1.000.0000.19.20190819, H3W2GR2 1.000.HW00.21.20190812, H3W4GR1 1.000.HW00.21.20190812, H3W4GR1V 1.000.0000.19.20190819, H4D8GR1 2.420.HW00.12.20190819, H4L2GR1 2.420.HW01.33.20190812, H4L2GR1V 1.000.0000.19.20190819, H4L6GR2 1.000.HW02.8.20190813, H4W2GR1 1.000.HW00.21.20190812, H4W2GR1V 1.000.0000.19.20190819, H4W2GR2 1.000.HW00.21.20190812, H4W4GR1 1.000.HW00.21.20190812, H4W4GR1V 1.000.0000.19.20190819, HBD8GR1 2.420.HW00.12.20190819, HBL2GR1 2.420.HW01.33.20190812, HBL2GR1V 1.000.0000.19.20190819, HBL6GR2 1.000.HW02.8.20190813, HBW2GR1 1.000.HW00.21.20190812, HBW2GR1V 1.000.0000.19.20190819, HBW2GR3 1.000.HW00.21.20190812, HBW2GR3V 1.000.0000.19.20190819, HBW4GR1 1.000.HW00.21.20190812, HBW4GR1V 1.000.0000.19.20190819, HCD8G 2.420.HW00.12.20190819, HCL2G 2.420.HW01.33.20190812, HCL2GV 1.000.0000.19.20190819, HCPB302 1.000.0040.3.20190820, HCW2G 1.000.HW00.21.20190812, HCW2GV 1.000.0000.19.20190819, HCW4G 1.000.HW00.2 ...[truncated*]"
},
{
"status": "affected",
"version": "H2W2PC1M 1.000.HW01.3.20190820, H2W2PER3 1.000.HW01.3.20190820, H2W2PRV3 1.000.HW01.1.190813, H2W4PER3 1.000.HW01.3.20190820, H2W4PRV3 1.000.HW01.1.190813, H4D3PRV2 1.000.HW01.1.190814, H4D3PRV3 1.000.HW01.1.190814, H4D8PR1 1.000.HW01.3.20190820, H4W2PER2 1.000.HW01.3.20190820, H4W2PER3 1.000.HW01.3.20190820, H4W2PRV2 1.000.HW01.1.190814, H4W4PER2 1.000.HW01.3.20190820, H4W4PER3 1.000.HW01.3.20190820, H4W4PRV2 1.000.HW01.1.190814, H4W4PRV3 1.000.HW01.1.190813, H4W8PR2 1.000.HW01.3.20190820, HBD2PER1 1.000.HW01.3.20190820, HBD3PR1 1.000.HW01.1.190814, HBD3PR2 1.000.HW01.1.190814, HBD8PR1 1.000.HW01.3.20190820, HBW2PER1 1.000.HW01.3.20190820, HBW2PER2 1.000.HW01.3.20190820, HBW2PR1 1.000.HW01.1.190813, HBW2PR2 1.000.HW01.1.190814, HBW4PER1 1.000.HW01.3.20190820, HBW4PER2 1.000.HW01.3.20190820, HBW4PR1 1.000.HW01.1.190813, HBW4PR2 1.000.HW01.1.190814, HBW8PR2 1.000.HW01.3.20190820, HDZP252DI 1.000.HW02.4.20190813, HDZP304DI 1.000.HW10.5.20190812, HED2PER3 1.000.HW01.3.20190820, HED3PR3 1.000.HW01 ...[truncated*]"
},
{
"status": "affected",
"version": "HEN04102 2.000.HW00.0.R.20190823, HEN04112 2.000.HW00.0.R.20190823, HEN04122 2.000.HW00.0.R.20190823, HEN08102 2.000.HW00.0.R.20190823, HEN08112 2.000.HW00.0.R.20190823, HEN08122 2.000.HW00.0.R.20190823, HEN08142 2.000.HW00.0.R.20190823, HEN08162 2.000.HW00.0.R.20190823, HEN16102 2.000.HW00.0.R.20190823, HEN16122 2.000.HW00.0.R.20190823, HEN16142 2.000.HW00.0.R.20190823, HEN16162 2.000.HW00.0.R.20190823, HEN04103 3.215.00HW001.2.20190821, HEN04113 3.215.00HW001.2.20190821, HEN04123 3.215.00HW001.2.20190821, HEN08103 3.215.00HW001.2.20190821, HEN08113 3.215.00HW001.2.20190821, HEN08123 3.215.00HW001.2.20190821, HEN08143 3.215.00HW001.2.20190821, HEN16103 3.215.00HW001.2.20190821, HEN16123 3.215.00HW001.2.20190821, HEN16143 3.215.00HW001.2.20190821, HEN16163 3.215.00HW001.2.20190821, HEN04103L 3.215.00HW001.2.20190821, HEN08103L 3.215.00HW001.2.20190821, HEN16103L 3.215.00HW001.2.20190821, HEN32103L 3.215.00HW001.2.20190821, HEN08104 3.215.00HW002.2.20190829, HEN08144 3.215.00HW002.2.20190829, H ...[truncated*]"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Honeywell equIP series and Performance series IP cameras and recorders, A vulnerability exists in the affected products where IP cameras and recorders have a potential replay attack vulnerability as a weak authentication method is retained for compatibility with legacy products."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-294",
"description": "AUTHENTICATION BYPASS BY CAPTURE-REPLAY CWE-294",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-31T21:21:04",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-304-04"
}
],
"x_ConverterErrors": {
"version_name": {
"error": "version_name too long. Use array of versions to record more than one version.",
"message": "Truncated!"
}
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2019-18226",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Honeywell equIP series cameras, Honeywell Performance series IP cameras, Honeywell recorders",
"version": {
"version_data": [
{
"version_value": "H2W2GR1 1.000.0000.19.20190819, H3W2GR1 1.000.HW00.21.20190812, H3W2GR1V 1.000.0000.19.20190819, H3W2GR2 1.000.HW00.21.20190812, H3W4GR1 1.000.HW00.21.20190812, H3W4GR1V 1.000.0000.19.20190819, H4D8GR1 2.420.HW00.12.20190819, H4L2GR1 2.420.HW01.33.20190812, H4L2GR1V 1.000.0000.19.20190819, H4L6GR2 1.000.HW02.8.20190813, H4W2GR1 1.000.HW00.21.20190812, H4W2GR1V 1.000.0000.19.20190819, H4W2GR2 1.000.HW00.21.20190812, H4W4GR1 1.000.HW00.21.20190812, H4W4GR1V 1.000.0000.19.20190819, HBD8GR1 2.420.HW00.12.20190819, HBL2GR1 2.420.HW01.33.20190812, HBL2GR1V 1.000.0000.19.20190819, HBL6GR2 1.000.HW02.8.20190813, HBW2GR1 1.000.HW00.21.20190812, HBW2GR1V 1.000.0000.19.20190819, HBW2GR3 1.000.HW00.21.20190812, HBW2GR3V 1.000.0000.19.20190819, HBW4GR1 1.000.HW00.21.20190812, HBW4GR1V 1.000.0000.19.20190819, HCD8G 2.420.HW00.12.20190819, HCL2G 2.420.HW01.33.20190812, HCL2GV 1.000.0000.19.20190819, HCPB302 1.000.0040.3.20190820, HCW2G 1.000.HW00.21.20190812, HCW2GV 1.000.0000.19.20190819, HCW4G 1.000.HW00.21.20190812, HDZ302D 1.000.0043.6.20190820, HDZ302DE 1.000.0043.6.20190820, HDZ302DIN 1.000.0043.6.20190820, HDZ302DIN-C1 1.000.0043.6.20190820, HDZ302DIN-S1 1.000.0043.6.20190820, HDZ302LIK 1.000.0062.3.20190816, HDZ302LIW 1.000.0062.3.20190816, HEPB302W01A04 1.000.0040.3.20190820, HEPB302W01A10 1.000.0040.3.20190820, HEPZ302W0 1.000.0039.3.20190820, HFD6GR1 1.000.HW00.12.20190819, HFD8GR1 1.000.HW00.12.20190819, HM4L8GR1 1.000.HW02.8.20190813, HMBL8GR1 1.000.HW02.8.20190813, HSW2G1 2.460.HW00.5.R.20190827, HSW2G1 2.460.HW00.5.R.20190827, HSWB2G1 2.460.HW00.5.R.20190827, HSWB2G1 2.460.HW00.5.R.20190827"
},
{
"version_value": "H2W2PC1M 1.000.HW01.3.20190820, H2W2PER3 1.000.HW01.3.20190820, H2W2PRV3 1.000.HW01.1.190813, H2W4PER3 1.000.HW01.3.20190820, H2W4PRV3 1.000.HW01.1.190813, H4D3PRV2 1.000.HW01.1.190814, H4D3PRV3 1.000.HW01.1.190814, H4D8PR1 1.000.HW01.3.20190820, H4W2PER2 1.000.HW01.3.20190820, H4W2PER3 1.000.HW01.3.20190820, H4W2PRV2 1.000.HW01.1.190814, H4W4PER2 1.000.HW01.3.20190820, H4W4PER3 1.000.HW01.3.20190820, H4W4PRV2 1.000.HW01.1.190814, H4W4PRV3 1.000.HW01.1.190813, H4W8PR2 1.000.HW01.3.20190820, HBD2PER1 1.000.HW01.3.20190820, HBD3PR1 1.000.HW01.1.190814, HBD3PR2 1.000.HW01.1.190814, HBD8PR1 1.000.HW01.3.20190820, HBW2PER1 1.000.HW01.3.20190820, HBW2PER2 1.000.HW01.3.20190820, HBW2PR1 1.000.HW01.1.190813, HBW2PR2 1.000.HW01.1.190814, HBW4PER1 1.000.HW01.3.20190820, HBW4PER2 1.000.HW01.3.20190820, HBW4PR1 1.000.HW01.1.190813, HBW4PR2 1.000.HW01.1.190814, HBW8PR2 1.000.HW01.3.20190820, HDZP252DI 1.000.HW02.4.20190813, HDZP304DI 1.000.HW10.5.20190812, HED2PER3 1.000.HW01.3.20190820, HED3PR3 1.000.HW01.1.190814, HED8PR1 1.000.HW01.3.20190820, HEW2PER2 1.000.HW01.3.20190820, HEW2PER3 1.000.HW01.3.20190820, HEW2PR1 1.000.HW01.1.190813, HEW2PR2 1.000.HW01.1.190814, HEW2PRW1 1.000.HW01.1.190813, HEW4PER2 1.000.HW01.3.20190820, HEW4PER2B 1.000.HW01.3.20190820, HEW4PER3 1.000.HW01.3.20190820, HEW4PER3B 1.000.HW01.3.20190820, HEW4PR2 1.000.HW01.1.190814, HEW4PR3 1.000.HW01.1.190813, HEW4PRW3 1.000.HW01.1.190813, HFD5PR1 1.000.HW01.1.20190822, HPW2P1 1.000.HW01.3.20190820"
},
{
"version_value": "HEN04102 2.000.HW00.0.R.20190823, HEN04112 2.000.HW00.0.R.20190823, HEN04122 2.000.HW00.0.R.20190823, HEN08102 2.000.HW00.0.R.20190823, HEN08112 2.000.HW00.0.R.20190823, HEN08122 2.000.HW00.0.R.20190823, HEN08142 2.000.HW00.0.R.20190823, HEN08162 2.000.HW00.0.R.20190823, HEN16102 2.000.HW00.0.R.20190823, HEN16122 2.000.HW00.0.R.20190823, HEN16142 2.000.HW00.0.R.20190823, HEN16162 2.000.HW00.0.R.20190823, HEN04103 3.215.00HW001.2.20190821, HEN04113 3.215.00HW001.2.20190821, HEN04123 3.215.00HW001.2.20190821, HEN08103 3.215.00HW001.2.20190821, HEN08113 3.215.00HW001.2.20190821, HEN08123 3.215.00HW001.2.20190821, HEN08143 3.215.00HW001.2.20190821, HEN16103 3.215.00HW001.2.20190821, HEN16123 3.215.00HW001.2.20190821, HEN16143 3.215.00HW001.2.20190821, HEN16163 3.215.00HW001.2.20190821, HEN04103L 3.215.00HW001.2.20190821, HEN08103L 3.215.00HW001.2.20190821, HEN16103L 3.215.00HW001.2.20190821, HEN32103L 3.215.00HW001.2.20190821, HEN08104 3.215.00HW002.2.20190829, HEN08144 3.215.00HW002.2.20190829, HEN081124 3.215.00HW002.2.20190829, HEN16104 3.215.00HW002.2.20190829, HEN16144 3.215.00HW002.2.20190829, HEN16184 3.215.00HW002.2.20190829, HEN32104 3.215.00HW002.2.20190829, HEN321124 3.215.00HW002.2.20190829, HEN16204 3.215.00HW002.2.20190829, HEN16284 3.215.00HW002.2.20190829, HEN162244 3.215.00HW002.2.20190829, HEN32204 3.215.00HW002.2.20190829, HEN32284 3.215.00HW002.2.20190829, HEN322164 3.215.00HW002.2.20190829, HEN64204 3.215.00HW002.2.20190829, HEN642164 3.215.00HW002.2.20190829, HEN16304 3.215.00HW002.2.20190829, HEN16384 3.215.00HW002.2.20190829, HEN32304 3.215.00HW002.2.20190829, HEN32384 3.215.00HW002.2.20190829, HEN323164 3.215.00HW002.2.20190829, HEN64304 3.215.00HW002.2.20190829, HEN643164 3.215.00HW002.2.20190829, HEN643324 3.215.00HW002.2.20190829, HEN643484 3.215.00HW002.2.20190829, HRHT4040 1.000.00HW001.2.190822, HRHT4041 1.000.00HW001.2.190822, HRHT4042 1.000.00HW001.2.190822, HRHT4080 1.000.00HW001.2.190822, HRHT4082 1.000.00HW001.2.190822, HRHT4084 1.000.00HW001.2.190822, HRHT4160 1.000.00HW001.2.190822, HRHT4162 1.000.00HW001.2.190822, HRHT4164 1.000.00HW001.2.190822, HRHT4166 1.000.00HW001.2.190822, HRHT41612 1.000.00HW001.2.190822, HRHQ1040 1.000.00HW001.1.190822, HRHQ1040L 1.000.00HW001.1.190822, HRHQ1041 1.000.00HW001.1.190822, HRHQ1080 1.000.00HW001.1.190822, HRHQ1080L 1.000.00HW001.1.190822, HRHQ1081 1.000.00HW001.1.190822, HRHQ1082 1.000.00HW001.1.190822, HRHQ1160 1.000.00HW001.1.190822, HRHQ1161 1.000.00HW001.1.190822, HRHQ1162 1.000.00HW001.1.190822, HRHQ1164 1.000.00HW001.1.190822"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Honeywell equIP series and Performance series IP cameras and recorders, A vulnerability exists in the affected products where IP cameras and recorders have a potential replay attack vulnerability as a weak authentication method is retained for compatibility with legacy products."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "AUTHENTICATION BYPASS BY CAPTURE-REPLAY CWE-294"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-19-304-04",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-304-04"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2019-18226",
"datePublished": "2019-10-31T21:21:04",
"dateReserved": "2019-10-22T00:00:00",
"dateUpdated": "2024-08-05T01:47:14.078Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-18228 (GCVE-0-2019-18228)
Vulnerability from cvelistv5 – Published: 2019-10-31 21:09 – Updated: 2024-08-05 01:47
VLAI?
Summary
Honeywell equIP series IP cameras Multiple equIP Series Cameras, A vulnerability exists in the affected products where a specially crafted HTTP packet request could result in a denial of service.
Severity ?
No CVSS data available.
CWE
- CWE-20 - IMPROPER INPUT VALIDATION CWE-20
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Honeywell equIP series IP cameras |
Affected:
H4L2GR1 prior to 2.420.HW01.33.20190812, HBL2GR1 prior to 2.420.HW01.33.20190812, HCL2G prior to 2.420.HW01.33.20190812, H4W2GR1 prior to 1.000.HW00.21.20190812, H4W2GR2 prior to 1.000.HW00.21.20190812, H4W4GR1 prior to 1.000.HW00.21.20190812, H3W2GR1 prior to 1.000.HW00.21.20190812, H3W2GR2 prior to 1.000.HW00.21.20190812, H3W4GR1 prior to 1.000.HW00.21.20190812, HBW2GR1 prior to 1.000.HW00.21.20190812, HBW4GR1 prior to 1.000.HW00.21.20190812, HBW2GR3 prior to 1.000.HW00.21.20190812, HCW2G prior to 1.000.HW00.21.20190812, HCW4G prior to 1.000.HW00.21.20190812
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:47:14.023Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-304-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Honeywell equIP series IP cameras",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "H4L2GR1 prior to 2.420.HW01.33.20190812, HBL2GR1 prior to 2.420.HW01.33.20190812, HCL2G prior to 2.420.HW01.33.20190812, H4W2GR1 prior to 1.000.HW00.21.20190812, H4W2GR2 prior to 1.000.HW00.21.20190812, H4W4GR1 prior to 1.000.HW00.21.20190812, H3W2GR1 prior to 1.000.HW00.21.20190812, H3W2GR2 prior to 1.000.HW00.21.20190812, H3W4GR1 prior to 1.000.HW00.21.20190812, HBW2GR1 prior to 1.000.HW00.21.20190812, HBW4GR1 prior to 1.000.HW00.21.20190812, HBW2GR3 prior to 1.000.HW00.21.20190812, HCW2G prior to 1.000.HW00.21.20190812, HCW4G prior to 1.000.HW00.21.20190812"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Honeywell equIP series IP cameras Multiple equIP Series Cameras, A vulnerability exists in the affected products where a specially crafted HTTP packet request could result in a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "IMPROPER INPUT VALIDATION CWE-20",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-31T21:09:16",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-304-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2019-18228",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Honeywell equIP series IP cameras",
"version": {
"version_data": [
{
"version_value": "H4L2GR1 prior to 2.420.HW01.33.20190812, HBL2GR1 prior to 2.420.HW01.33.20190812, HCL2G prior to 2.420.HW01.33.20190812, H4W2GR1 prior to 1.000.HW00.21.20190812, H4W2GR2 prior to 1.000.HW00.21.20190812, H4W4GR1 prior to 1.000.HW00.21.20190812, H3W2GR1 prior to 1.000.HW00.21.20190812, H3W2GR2 prior to 1.000.HW00.21.20190812, H3W4GR1 prior to 1.000.HW00.21.20190812, HBW2GR1 prior to 1.000.HW00.21.20190812, HBW4GR1 prior to 1.000.HW00.21.20190812, HBW2GR3 prior to 1.000.HW00.21.20190812, HCW2G prior to 1.000.HW00.21.20190812, HCW4G prior to 1.000.HW00.21.20190812"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Honeywell equIP series IP cameras Multiple equIP Series Cameras, A vulnerability exists in the affected products where a specially crafted HTTP packet request could result in a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER INPUT VALIDATION CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-19-304-02",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-304-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2019-18228",
"datePublished": "2019-10-31T21:09:16",
"dateReserved": "2019-10-22T00:00:00",
"dateUpdated": "2024-08-05T01:47:14.023Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13523 (GCVE-0-2019-13523)
Vulnerability from cvelistv5 – Published: 2019-09-26 14:22 – Updated: 2024-08-04 23:57
VLAI?
Summary
In Honeywell Performance IP Cameras and Performance NVRs, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data in JSON format for IP cameras and NVRs (Network Video Recorders), which can be accessed without authentication over the network. Affected performance IP Cameras: HBD3PR2,H4D3PRV3,HED3PR3,H4D3PRV2,HBD3PR1,H4W8PR2,HBW8PR2,H2W2PC1M,H2W4PER3,H2W2PER3,HEW2PER3,HEW4PER3B,HBW2PER1,HEW4PER2,HEW4PER2B,HEW2PER2,H4W2PER2,HBW2PER2,H4W2PER3, and HPW2P1. Affected Performance Series NVRs: HEN08104,HEN08144,HEN081124,HEN16104,HEN16144,HEN16184,HEN16204,HEN162244,HEN16284,HEN16304,HEN16384,HEN32104,HEN321124,HEN32204,HEN32284,HEN322164,HEN32304, HEN32384,HEN323164,HEN64204,HEN64304,HEN643164,HEN643324,HEN643484,HEN04103,HEN04113,HEN04123,HEN08103,HEN08113,HEN08123,HEN08143,HEN16103,HEN16123,HEN16143,HEN16163,HEN04103L,HEN08103L,HEN16103L,HEN32103L.
Severity ?
No CVSS data available.
CWE
- CWE-200 - INFORMATION EXPOSURE CWE-200
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Honeywell | Performance IP Cameras |
Affected:
HBD3PR2
Affected: H4D3PRV3 Affected: HED3PR3 Affected: H4D3PRV2 Affected: HBD3PR1 Affected: H4W8PR2 Affected: HBW8PR2 Affected: H2W2PC1M Affected: H2W4PER3 Affected: H2W2PER3 Affected: HEW2PER3 Affected: HEW4PER3B Affected: HBW2PER1 Affected: HEW4PER2 Affected: HEW4PER2B Affected: HEW2PER2 Affected: H4W2PER2 Affected: HBW2PER2 Affected: H4W2PER3 Affected: HPW2P1 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:57:39.391Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-260-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Performance IP Cameras",
"vendor": "Honeywell",
"versions": [
{
"status": "affected",
"version": "HBD3PR2"
},
{
"status": "affected",
"version": "H4D3PRV3"
},
{
"status": "affected",
"version": "HED3PR3"
},
{
"status": "affected",
"version": "H4D3PRV2"
},
{
"status": "affected",
"version": "HBD3PR1"
},
{
"status": "affected",
"version": "H4W8PR2"
},
{
"status": "affected",
"version": "HBW8PR2"
},
{
"status": "affected",
"version": "H2W2PC1M"
},
{
"status": "affected",
"version": "H2W4PER3"
},
{
"status": "affected",
"version": "H2W2PER3"
},
{
"status": "affected",
"version": "HEW2PER3"
},
{
"status": "affected",
"version": "HEW4PER3B"
},
{
"status": "affected",
"version": "HBW2PER1"
},
{
"status": "affected",
"version": "HEW4PER2"
},
{
"status": "affected",
"version": "HEW4PER2B"
},
{
"status": "affected",
"version": "HEW2PER2"
},
{
"status": "affected",
"version": "H4W2PER2"
},
{
"status": "affected",
"version": "HBW2PER2"
},
{
"status": "affected",
"version": "H4W2PER3"
},
{
"status": "affected",
"version": "HPW2P1"
}
]
},
{
"product": "Performance NVRs",
"vendor": "Honeywell",
"versions": [
{
"status": "affected",
"version": "HEN08104"
},
{
"status": "affected",
"version": "HEN08144"
},
{
"status": "affected",
"version": "HEN081124"
},
{
"status": "affected",
"version": "HEN16104"
},
{
"status": "affected",
"version": "HEN16144"
},
{
"status": "affected",
"version": "HEN16184"
},
{
"status": "affected",
"version": "HEN16204"
},
{
"status": "affected",
"version": "HEN162244"
},
{
"status": "affected",
"version": "HEN16284"
},
{
"status": "affected",
"version": "HEN16304"
},
{
"status": "affected",
"version": "HEN16384"
},
{
"status": "affected",
"version": "HEN32104"
},
{
"status": "affected",
"version": "HEN321124"
},
{
"status": "affected",
"version": "HEN32204"
},
{
"status": "affected",
"version": "HEN32284"
},
{
"status": "affected",
"version": "HEN322164"
},
{
"status": "affected",
"version": "HEN32304"
},
{
"status": "affected",
"version": "HEN32384"
},
{
"status": "affected",
"version": "HEN323164"
},
{
"status": "affected",
"version": "HEN64204"
},
{
"status": "affected",
"version": "HEN64304"
},
{
"status": "affected",
"version": "HEN643164"
},
{
"status": "affected",
"version": "HEN643324"
},
{
"status": "affected",
"version": "HEN643484"
},
{
"status": "affected",
"version": "HEN04103"
},
{
"status": "affected",
"version": "HEN04113"
},
{
"status": "affected",
"version": "HEN04123"
},
{
"status": "affected",
"version": "HEN08103"
},
{
"status": "affected",
"version": "HEN08113"
},
{
"status": "affected",
"version": "HEN08123"
},
{
"status": "affected",
"version": "HEN08143"
},
{
"status": "affected",
"version": "HEN16103"
},
{
"status": "affected",
"version": "HEN16123"
},
{
"status": "affected",
"version": "HEN16143"
},
{
"status": "affected",
"version": "HEN16163"
},
{
"status": "affected",
"version": "HEN04103L"
},
{
"status": "affected",
"version": "HEN08103L"
},
{
"status": "affected",
"version": "HEN16103L"
},
{
"status": "affected",
"version": "HEN32103L"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Honeywell Performance IP Cameras and Performance NVRs, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data in JSON format for IP cameras and NVRs (Network Video Recorders), which can be accessed without authentication over the network. Affected performance IP Cameras: HBD3PR2,H4D3PRV3,HED3PR3,H4D3PRV2,HBD3PR1,H4W8PR2,HBW8PR2,H2W2PC1M,H2W4PER3,H2W2PER3,HEW2PER3,HEW4PER3B,HBW2PER1,HEW4PER2,HEW4PER2B,HEW2PER2,H4W2PER2,HBW2PER2,H4W2PER3, and HPW2P1. Affected Performance Series NVRs: HEN08104,HEN08144,HEN081124,HEN16104,HEN16144,HEN16184,HEN16204,HEN162244,HEN16284,HEN16304,HEN16384,HEN32104,HEN321124,HEN32204,HEN32284,HEN322164,HEN32304, HEN32384,HEN323164,HEN64204,HEN64304,HEN643164,HEN643324,HEN643484,HEN04103,HEN04113,HEN04123,HEN08103,HEN08113,HEN08123,HEN08143,HEN16103,HEN16123,HEN16143,HEN16163,HEN04103L,HEN08103L,HEN16103L,HEN32103L."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "INFORMATION EXPOSURE CWE-200",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-26T14:22:59",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-260-03"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2019-13523",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Performance IP Cameras",
"version": {
"version_data": [
{
"version_value": "HBD3PR2"
},
{
"version_value": "H4D3PRV3"
},
{
"version_value": "HED3PR3"
},
{
"version_value": "H4D3PRV2"
},
{
"version_value": "HBD3PR1"
},
{
"version_value": "H4W8PR2"
},
{
"version_value": "HBW8PR2"
},
{
"version_value": "H2W2PC1M"
},
{
"version_value": "H2W4PER3"
},
{
"version_value": "H2W2PER3"
},
{
"version_value": "HEW2PER3"
},
{
"version_value": "HEW4PER3B"
},
{
"version_value": "HBW2PER1"
},
{
"version_value": "HEW4PER2"
},
{
"version_value": "HEW4PER2B"
},
{
"version_value": "HEW2PER2"
},
{
"version_value": "H4W2PER2"
},
{
"version_value": "HBW2PER2"
},
{
"version_value": "H4W2PER3"
},
{
"version_value": "HPW2P1"
}
]
}
},
{
"product_name": "Performance NVRs",
"version": {
"version_data": [
{
"version_value": "HEN08104"
},
{
"version_value": "HEN08144"
},
{
"version_value": "HEN081124"
},
{
"version_value": "HEN16104"
},
{
"version_value": "HEN16144"
},
{
"version_value": "HEN16184"
},
{
"version_value": "HEN16204"
},
{
"version_value": "HEN162244"
},
{
"version_value": "HEN16284"
},
{
"version_value": "HEN16304"
},
{
"version_value": "HEN16384"
},
{
"version_value": "HEN32104"
},
{
"version_value": "HEN321124"
},
{
"version_value": "HEN32204"
},
{
"version_value": "HEN32284"
},
{
"version_value": "HEN322164"
},
{
"version_value": "HEN32304"
},
{
"version_value": "HEN32384"
},
{
"version_value": "HEN323164"
},
{
"version_value": "HEN64204"
},
{
"version_value": "HEN64304"
},
{
"version_value": "HEN643164"
},
{
"version_value": "HEN643324"
},
{
"version_value": "HEN643484"
},
{
"version_value": "HEN04103"
},
{
"version_value": "HEN04113"
},
{
"version_value": "HEN04123"
},
{
"version_value": "HEN08103"
},
{
"version_value": "HEN08113"
},
{
"version_value": "HEN08123"
},
{
"version_value": "HEN08143"
},
{
"version_value": "HEN16103"
},
{
"version_value": "HEN16123"
},
{
"version_value": "HEN16143"
},
{
"version_value": "HEN16163"
},
{
"version_value": "HEN04103L"
},
{
"version_value": "HEN08103L"
},
{
"version_value": "HEN16103L"
},
{
"version_value": "HEN32103L"
}
]
}
}
]
},
"vendor_name": "Honeywell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Honeywell Performance IP Cameras and Performance NVRs, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data in JSON format for IP cameras and NVRs (Network Video Recorders), which can be accessed without authentication over the network. Affected performance IP Cameras: HBD3PR2,H4D3PRV3,HED3PR3,H4D3PRV2,HBD3PR1,H4W8PR2,HBW8PR2,H2W2PC1M,H2W4PER3,H2W2PER3,HEW2PER3,HEW4PER3B,HBW2PER1,HEW4PER2,HEW4PER2B,HEW2PER2,H4W2PER2,HBW2PER2,H4W2PER3, and HPW2P1. Affected Performance Series NVRs: HEN08104,HEN08144,HEN081124,HEN16104,HEN16144,HEN16184,HEN16204,HEN162244,HEN16284,HEN16304,HEN16384,HEN32104,HEN321124,HEN32204,HEN32284,HEN322164,HEN32304, HEN32384,HEN323164,HEN64204,HEN64304,HEN643164,HEN643324,HEN643484,HEN04103,HEN04113,HEN04123,HEN08103,HEN08113,HEN08123,HEN08143,HEN16103,HEN16123,HEN16143,HEN16163,HEN04103L,HEN08103L,HEN16103L,HEN32103L."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "INFORMATION EXPOSURE CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-19-260-03",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-260-03"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2019-13523",
"datePublished": "2019-09-26T14:22:59",
"dateReserved": "2019-07-11T00:00:00",
"dateUpdated": "2024-08-04T23:57:39.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}