Search criteria
2 vulnerabilities found for hnmswvms by honeywell
VAR-202001-1742
Vulnerability from variot - Updated: 2024-11-23 22:33The following versions of MAXPRO VMS and NVR, MAXPRO VMS:HNMSWVMS prior to Version VMS560 Build 595 T2-Patch, HNMSWVMSLT prior to Version VMS560 Build 595 T2-Patch, MAXPRO NVR: MAXPRO NVR XE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR SE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR PE prior to Version NVR 5.6 Build 595 T2-Patch, and MPNVRSWXX prior to Version NVR 5.6 Build 595 T2-Patch contain an SQL injection vulnerability that could give an attacker remote unauthenticated access to the web user interface with administrator-level privileges. plural MAXPRO VMS and NVR To SQL An injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Honeywell Maxpro VMS & NVR is a Honeywell security solution.
Multiple Honeywell products have SQL injection vulnerabilities that could be exploited by an attacker to gain unauthorized access to the Web user interface
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202001-1742",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "maxpro nvr se",
"scope": "lte",
"trust": 1.0,
"vendor": "honeywell",
"version": "5.6"
},
{
"model": "maxpro nvr xe",
"scope": "lte",
"trust": 1.0,
"vendor": "honeywell",
"version": "5.6"
},
{
"model": "hnmswvmslt",
"scope": "lte",
"trust": 1.0,
"vendor": "honeywell",
"version": "vms560"
},
{
"model": "hnmswvms",
"scope": "lte",
"trust": 1.0,
"vendor": "honeywell",
"version": "vms560"
},
{
"model": "maxpro nvr pe",
"scope": "lte",
"trust": 1.0,
"vendor": "honeywell",
"version": "5.6"
},
{
"model": "mpnvrswxx",
"scope": "lte",
"trust": 1.0,
"vendor": "honeywell",
"version": "5.6"
},
{
"model": "hnmswvms",
"scope": "eq",
"trust": 0.8,
"vendor": "honeywell",
"version": "vms 560 build 595 t2-patch"
},
{
"model": "hnmswvmslt",
"scope": "eq",
"trust": 0.8,
"vendor": "honeywell",
"version": "vms 560 build 595 t2-patch"
},
{
"model": "maxpro nvr pe",
"scope": "eq",
"trust": 0.8,
"vendor": "honeywell",
"version": "nvr 5.6 build 595 t2-patch"
},
{
"model": "maxpro nvr se",
"scope": "eq",
"trust": 0.8,
"vendor": "honeywell",
"version": "nvr 5.6 build 595 t2-patch"
},
{
"model": "maxpro nvr xe",
"scope": "eq",
"trust": 0.8,
"vendor": "honeywell",
"version": "nvr 5.6 build 595 t2-patch"
},
{
"model": "mpnvrswxx",
"scope": "eq",
"trust": 0.8,
"vendor": "honeywell",
"version": "nvr 5.6 build 595 t2-patch"
},
{
"model": "maxpro nvr xe \u003cnvr build t2-patch",
"scope": "eq",
"trust": 0.6,
"vendor": "honeywell",
"version": "5.6595"
},
{
"model": "maxpro nvr se \u003cnvr build t2-patch",
"scope": "eq",
"trust": 0.6,
"vendor": "honeywell",
"version": "5.6595"
},
{
"model": "maxpro nvr pe \u003cnvr build t2-patch",
"scope": "eq",
"trust": 0.6,
"vendor": "honeywell",
"version": "5.6595"
},
{
"model": "mpnvrswxx \u003cnvr build t2-patch",
"scope": "eq",
"trust": 0.6,
"vendor": "honeywell",
"version": "5.6595"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "maxpro nvr xe",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "maxpro nvr se",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "maxpro nvr pe",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "mpnvrswxx",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "hnmswvms",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "hnmswvmslt",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "3ebfb0cf-1619-4d4f-b10e-edd86c0b655d"
},
{
"db": "CNVD",
"id": "CNVD-2020-03941"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001718"
},
{
"db": "NVD",
"id": "CVE-2020-6960"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:honeywell:hnmswvms_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:honeywell:hnmswvmslt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:honeywell:maxpro_nvr_pe_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:honeywell:maxpro_nvr_se_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:honeywell:maxpro_nvr_xe_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:honeywell:mpnvrswxx_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-001718"
}
]
},
"cve": "CVE-2020-6960",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2020-6960",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-001718",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-03941",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "3ebfb0cf-1619-4d4f-b10e-edd86c0b655d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-6960",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-001718",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-6960",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "JVNDB-2020-001718",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2020-03941",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202001-958",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "3ebfb0cf-1619-4d4f-b10e-edd86c0b655d",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "3ebfb0cf-1619-4d4f-b10e-edd86c0b655d"
},
{
"db": "CNVD",
"id": "CNVD-2020-03941"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001718"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-958"
},
{
"db": "NVD",
"id": "CVE-2020-6960"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The following versions of MAXPRO VMS and NVR, MAXPRO VMS:HNMSWVMS prior to Version VMS560 Build 595 T2-Patch, HNMSWVMSLT prior to Version VMS560 Build 595 T2-Patch, MAXPRO NVR: MAXPRO NVR XE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR SE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR PE prior to Version NVR 5.6 Build 595 T2-Patch, and MPNVRSWXX prior to Version NVR 5.6 Build 595 T2-Patch contain an SQL injection vulnerability that could give an attacker remote unauthenticated access to the web user interface with administrator-level privileges. plural MAXPRO VMS and NVR To SQL An injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Honeywell Maxpro VMS \u0026 NVR is a Honeywell security solution. \n\r\n\r\nMultiple Honeywell products have SQL injection vulnerabilities that could be exploited by an attacker to gain unauthorized access to the Web user interface",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-6960"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001718"
},
{
"db": "CNVD",
"id": "CNVD-2020-03941"
},
{
"db": "IVD",
"id": "3ebfb0cf-1619-4d4f-b10e-edd86c0b655d"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-6960",
"trust": 3.2
},
{
"db": "ICS CERT",
"id": "ICSA-20-021-01",
"trust": 3.0
},
{
"db": "CNVD",
"id": "CNVD-2020-03941",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202001-958",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001718",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2020.0265",
"trust": 0.6
},
{
"db": "IVD",
"id": "3EBFB0CF-1619-4D4F-B10E-EDD86C0B655D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "3ebfb0cf-1619-4d4f-b10e-edd86c0b655d"
},
{
"db": "CNVD",
"id": "CNVD-2020-03941"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001718"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-958"
},
{
"db": "NVD",
"id": "CVE-2020-6960"
}
]
},
"id": "VAR-202001-1742",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "3ebfb0cf-1619-4d4f-b10e-edd86c0b655d"
},
{
"db": "CNVD",
"id": "CNVD-2020-03941"
}
],
"trust": 1.533333325
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "3ebfb0cf-1619-4d4f-b10e-edd86c0b655d"
},
{
"db": "CNVD",
"id": "CNVD-2020-03941"
}
]
},
"last_update_date": "2024-11-23T22:33:36.103000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SN 2019-10-25 01",
"trust": 0.8,
"url": "https://www.security.honeywell.com/-/media/Security/Resources/PDF/Product-Warranty/Security_Notification_SN_2019-10-25_01-pdf.pdf"
},
{
"title": "Patch for Multiple Honeywell Products SQL Injection Vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/199331"
},
{
"title": "Multiple Honeywell product SQL Repair measures for injecting vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=109233"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03941"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001718"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-958"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-001718"
},
{
"db": "NVD",
"id": "CVE-2020-6960"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-021-01"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6960"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-6960"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0265/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03941"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001718"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-958"
},
{
"db": "NVD",
"id": "CVE-2020-6960"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "3ebfb0cf-1619-4d4f-b10e-edd86c0b655d"
},
{
"db": "CNVD",
"id": "CNVD-2020-03941"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001718"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-958"
},
{
"db": "NVD",
"id": "CVE-2020-6960"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-01-21T00:00:00",
"db": "IVD",
"id": "3ebfb0cf-1619-4d4f-b10e-edd86c0b655d"
},
{
"date": "2020-02-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-03941"
},
{
"date": "2020-02-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-001718"
},
{
"date": "2020-01-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202001-958"
},
{
"date": "2020-01-22T15:15:11.617000",
"db": "NVD",
"id": "CVE-2020-6960"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-03941"
},
{
"date": "2020-02-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-001718"
},
{
"date": "2023-05-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202001-958"
},
{
"date": "2024-11-21T05:36:23.483000",
"db": "NVD",
"id": "CVE-2020-6960"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202001-958"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural MAXPRO VMS and NVR In SQL Injection vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-001718"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "IVD",
"id": "3ebfb0cf-1619-4d4f-b10e-edd86c0b655d"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-958"
}
],
"trust": 0.8
}
}
VAR-202001-1741
Vulnerability from variot - Updated: 2024-11-23 22:33The following versions of MAXPRO VMS and NVR, MAXPRO VMS:HNMSWVMS prior to Version VMS560 Build 595 T2-Patch, HNMSWVMSLT prior to Version VMS560 Build 595 T2-Patch, MAXPRO NVR: MAXPRO NVR XE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR SE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR PE prior to Version NVR 5.6 Build 595 T2-Patch, and MPNVRSWXX prior to Version NVR 5.6 Build 595 T2-Patch are vulnerable to an unsafe deserialization of untrusted data. An attacker may be able to remotely modify deserialized data without authentication using a specially crafted web request, resulting in remote code execution. MAXPRO VMS and NVR The product contains a vulnerability in the deserialization of unreliable data.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Honeywell Maxpro VMS & NVR is a Honeywell security solution.
Multiple Honeywell products have code problem vulnerabilities
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202001-1741",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "maxpro nvr se",
"scope": "lte",
"trust": 1.0,
"vendor": "honeywell",
"version": "5.6"
},
{
"model": "maxpro nvr xe",
"scope": "lte",
"trust": 1.0,
"vendor": "honeywell",
"version": "5.6"
},
{
"model": "hnmswvmslt",
"scope": "lte",
"trust": 1.0,
"vendor": "honeywell",
"version": "vms560"
},
{
"model": "hnmswvms",
"scope": "lte",
"trust": 1.0,
"vendor": "honeywell",
"version": "vms560"
},
{
"model": "maxpro nvr pe",
"scope": "lte",
"trust": 1.0,
"vendor": "honeywell",
"version": "5.6"
},
{
"model": "mpnvrswxx",
"scope": "lte",
"trust": 1.0,
"vendor": "honeywell",
"version": "5.6"
},
{
"model": "hnmswvms",
"scope": null,
"trust": 0.8,
"vendor": "honeywell",
"version": null
},
{
"model": "hnmswvmslt",
"scope": null,
"trust": 0.8,
"vendor": "honeywell",
"version": null
},
{
"model": "maxpro nvr pe",
"scope": null,
"trust": 0.8,
"vendor": "honeywell",
"version": null
},
{
"model": "maxpro nvr se",
"scope": null,
"trust": 0.8,
"vendor": "honeywell",
"version": null
},
{
"model": "maxpro nvr xe",
"scope": null,
"trust": 0.8,
"vendor": "honeywell",
"version": null
},
{
"model": "mpnvrswxx",
"scope": null,
"trust": 0.8,
"vendor": "honeywell",
"version": null
},
{
"model": "maxpro nvr xe \u003cnvr build t2-patch",
"scope": "eq",
"trust": 0.6,
"vendor": "honeywell",
"version": "5.6595"
},
{
"model": "maxpro nvr se \u003cnvr build t2-patch",
"scope": "eq",
"trust": 0.6,
"vendor": "honeywell",
"version": "5.6595"
},
{
"model": "maxpro nvr pe \u003cnvr build t2-patch",
"scope": "eq",
"trust": 0.6,
"vendor": "honeywell",
"version": "5.6595"
},
{
"model": "mpnvrswxx \u003cnvr build t2-patch",
"scope": "eq",
"trust": 0.6,
"vendor": "honeywell",
"version": "5.6595"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "maxpro nvr xe",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "maxpro nvr se",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "maxpro nvr pe",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "mpnvrswxx",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "hnmswvms",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "hnmswvmslt",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "ac26c1bf-8a71-462d-85a2-2060cb9f6718"
},
{
"db": "CNVD",
"id": "CNVD-2020-03940"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001625"
},
{
"db": "NVD",
"id": "CVE-2020-6959"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:honeywell:hnmswvms_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:honeywell:hnmswvmslt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:honeywell:maxpro_nvr_pe_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:honeywell:maxpro_nvr_se_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:honeywell:maxpro_nvr_xe_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:honeywell:mpnvrswxx_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-001625"
}
]
},
"cve": "CVE-2020-6959",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2020-6959",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-001625",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-03940",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "ac26c1bf-8a71-462d-85a2-2060cb9f6718",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-6959",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-001625",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-6959",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "JVNDB-2020-001625",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2020-03940",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202001-962",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "ac26c1bf-8a71-462d-85a2-2060cb9f6718",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2020-6959",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "ac26c1bf-8a71-462d-85a2-2060cb9f6718"
},
{
"db": "CNVD",
"id": "CNVD-2020-03940"
},
{
"db": "VULMON",
"id": "CVE-2020-6959"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001625"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-962"
},
{
"db": "NVD",
"id": "CVE-2020-6959"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The following versions of MAXPRO VMS and NVR, MAXPRO VMS:HNMSWVMS prior to Version VMS560 Build 595 T2-Patch, HNMSWVMSLT prior to Version VMS560 Build 595 T2-Patch, MAXPRO NVR: MAXPRO NVR XE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR SE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR PE prior to Version NVR 5.6 Build 595 T2-Patch, and MPNVRSWXX prior to Version NVR 5.6 Build 595 T2-Patch are vulnerable to an unsafe deserialization of untrusted data. An attacker may be able to remotely modify deserialized data without authentication using a specially crafted web request, resulting in remote code execution. MAXPRO VMS and NVR The product contains a vulnerability in the deserialization of unreliable data.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Honeywell Maxpro VMS \u0026 NVR is a Honeywell security solution. \n\r\n\r\nMultiple Honeywell products have code problem vulnerabilities",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-6959"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001625"
},
{
"db": "CNVD",
"id": "CNVD-2020-03940"
},
{
"db": "IVD",
"id": "ac26c1bf-8a71-462d-85a2-2060cb9f6718"
},
{
"db": "VULMON",
"id": "CVE-2020-6959"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-6959",
"trust": 3.3
},
{
"db": "ICS CERT",
"id": "ICSA-20-021-01",
"trust": 3.1
},
{
"db": "CNVD",
"id": "CNVD-2020-03940",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202001-962",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001625",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2020.0265",
"trust": 0.6
},
{
"db": "IVD",
"id": "AC26C1BF-8A71-462D-85A2-2060CB9F6718",
"trust": 0.2
},
{
"db": "VULMON",
"id": "CVE-2020-6959",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "ac26c1bf-8a71-462d-85a2-2060cb9f6718"
},
{
"db": "CNVD",
"id": "CNVD-2020-03940"
},
{
"db": "VULMON",
"id": "CVE-2020-6959"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001625"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-962"
},
{
"db": "NVD",
"id": "CVE-2020-6959"
}
]
},
"id": "VAR-202001-1741",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "ac26c1bf-8a71-462d-85a2-2060cb9f6718"
},
{
"db": "CNVD",
"id": "CNVD-2020-03940"
}
],
"trust": 1.533333325
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "ac26c1bf-8a71-462d-85a2-2060cb9f6718"
},
{
"db": "CNVD",
"id": "CNVD-2020-03940"
}
]
},
"last_update_date": "2024-11-23T22:33:36.069000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.honeywell.com/"
},
{
"title": "Patch for Multiple Honeywell Product Code Issue Vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/199335"
},
{
"title": "Multiple Honeywell Product code issue vulnerability fixes",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=109235"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03940"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001625"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-962"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-502",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-001625"
},
{
"db": "NVD",
"id": "CVE-2020-6959"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-021-01"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6959"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-6959"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0265/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/502.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03940"
},
{
"db": "VULMON",
"id": "CVE-2020-6959"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001625"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-962"
},
{
"db": "NVD",
"id": "CVE-2020-6959"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "ac26c1bf-8a71-462d-85a2-2060cb9f6718"
},
{
"db": "CNVD",
"id": "CNVD-2020-03940"
},
{
"db": "VULMON",
"id": "CVE-2020-6959"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001625"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-962"
},
{
"db": "NVD",
"id": "CVE-2020-6959"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-01-21T00:00:00",
"db": "IVD",
"id": "ac26c1bf-8a71-462d-85a2-2060cb9f6718"
},
{
"date": "2020-02-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-03940"
},
{
"date": "2020-01-22T00:00:00",
"db": "VULMON",
"id": "CVE-2020-6959"
},
{
"date": "2020-02-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-001625"
},
{
"date": "2020-01-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202001-962"
},
{
"date": "2020-01-22T15:15:11.270000",
"db": "NVD",
"id": "CVE-2020-6959"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-03940"
},
{
"date": "2020-02-05T00:00:00",
"db": "VULMON",
"id": "CVE-2020-6959"
},
{
"date": "2020-02-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-001625"
},
{
"date": "2023-05-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202001-962"
},
{
"date": "2024-11-21T05:36:23.380000",
"db": "NVD",
"id": "CVE-2020-6959"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202001-962"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MAXPRO VMS and NVR Product Unreliable Data Deserialization Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-001625"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Code problem",
"sources": [
{
"db": "IVD",
"id": "ac26c1bf-8a71-462d-85a2-2060cb9f6718"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-962"
}
],
"trust": 0.8
}
}