Vulnerability-Lookup

VAR-201910-0897

Vulnerability from variot - Updated: 2024-11-23 22:16

Honeywell equIP series and Performance series IP cameras and recorders, A vulnerability exists in the affected products where IP cameras and recorders have a potential replay attack vulnerability as a weak authentication method is retained for compatibility with legacy products. Honeywell equIP, etc. are products of American Honeywell (Honeywell) company. Honeywell equIP is an equIP series IP camera product. Honeywell Performance is a Performance series IP camera product. Honeywell Recorders is a Recorders series network video recorder product

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201910-0897",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "hswb2g1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "honeywell",
        "version": null
      },
      {
        "model": "h2w2gr1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "honeywell",
        "version": null
      },
      {
        "model": "hfd6gr1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "honeywell",
        "version": null
      },
      {
        "model": "hbw8pr2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "honeywell",
        "version": null
      },
      {
        "model": "h3w4gr1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "honeywell",
        "version": null
      },
      {
        "model": "hdz302lik",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "honeywell",
        "version": null
      },
      {
        "model": "hew4per3b",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "honeywell",
        "version": null
      },
      {
        "model": "hepz302w0",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "honeywell",
        "version": null
      },
      {
        "model": "h4w4per2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "honeywell",
        "version": null
      },
      {
        "model": "hdzp252di",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "honeywell",
        "version": null
      },
      {
        "model": "h3w4gr1v",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "honeywell",
        "version": null
      },
      {
        "model": "hcd8g",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "honeywell",
        "version": null
      },
      {
        "model": "hew2per2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "honeywell",
        "version": null
      },
      {
        "model": "hpw2p1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "honeywell",
        "version": null
      },
      {
        "model": "hmbl8gr1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "honeywell",
        "version": null
      },
      {
        "model": "hew2per3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "honeywell",
        "version": null
      },
      {
        "model": "h4w2per3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "honeywell",
        "version": null
      },
      {
        "model": "hdz302de",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "honeywell",
        "version": null
      },
      {
        "model": "hbd8gr1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "honeywell",
        "version": null
      },
      {
        "model": "hed2per3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "honeywell",
        "version": null
      },
      {
        "model": "hfd8gr1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "honeywell",
        "version": null
      },
      {
        "model": "hdz302liw",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "honeywell",
        "version": null
      },
      {
        "model": "hcw2gv",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "honeywell",
        "version": null
      },
      {
        "model": "hbd2per1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "honeywell",
        "version": null
      },
      {
        "model": "h4w8pr2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "honeywell",
        "version": null
      },
      {
        "model": "h4l2gr1v",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "honeywell",
        "version": null
      },
      {
        "model": "h4w4gr1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "honeywell",
        "version": null
      },
      {
        "model": "h4w2gr2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "honeywell",
        "version": null
      },
      {
        "model": "hew4per3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "honeywell",
        "version": null
      },
      {
        "model": "h2w4per3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "honeywell",
        "version": null
      },
      {
        "model": "hew4per2b",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "honeywell",
        "version": null
      },
      {
        "model": "h4d8gr1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "honeywell",
        "version": null
      },
      {
        "model": "hbw2gr3v",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "honeywell",
        "version": null
      },
      {
        "model": "h4w2gr1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "honeywell",
        "version": null
      },
      {
        "model": "hbw4pgr1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "honeywell",
        "version": null
      },
      {
        "model": "h2w2per3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "honeywell",
        "version": null
      },
      {
        "model": "h4w2per2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "honeywell",
        "version": null
      },
      {
        "model": "h3w2gr2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "honeywell",
        "version": null
      },
      {
        "model": "hm4l8gr1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "honeywell",
        "version": null
      },
      {
        "model": "hbw4per1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "honeywell",
        "version": null
      },
      {
        "model": "hdz302din-c1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "honeywell",
        "version": null
      },
      {
        "model": "h4w4per3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "honeywell",
        "version": null
      },
      {
        "model": "hbw4per2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "honeywell",
        "version": null
      },
      {
        "model": "h4w2gr1v",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "honeywell",
        "version": null
      },
      {
        "model": "hbl2gr1v",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "honeywell",
        "version": null
      },
      {
        "model": "hdz302din-s1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "honeywell",
        "version": null
      },
      {
        "model": "hbw2per1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "honeywell",
        "version": null
      },
      {
        "model": "hbw2gr1v",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "honeywell",
        "version": null
      },
      {
        "model": "hdzp304di",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "honeywell",
        "version": null
      },
      {
        "model": "h4w4gr1v",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "honeywell",
        "version": null
      },
      {
        "model": "hcw4g",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "honeywell",
        "version": null
      },
      {
        "model": "hcl2gv",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "honeywell",
        "version": null
      },
      {
        "model": "hbl6gr2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "honeywell",
        "version": null
      },
      {
        "model": "h2w2pc1m",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "honeywell",
        "version": null
      },
      {
        "model": "hbw4gr1v",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "honeywell",
        "version": null
      },
      {
        "model": "hdz302d",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "honeywell",
        "version": null
      },
      {
        "model": "hcl2g",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "honeywell",
        "version": null
      },
      {
        "model": "h4l2gr1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "honeywell",
        "version": null
      },
      {
        "model": "h3w2gr1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "honeywell",
        "version": null
      },
      {
        "model": "h3w2gr1v",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "honeywell",
        "version": null
      },
      {
        "model": "hbw2per2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "honeywell",
        "version": null
      },
      {
        "model": "hsw2g1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "honeywell",
        "version": null
      },
      {
        "model": "h4l6gr2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "honeywell",
        "version": null
      },
      {
        "model": "hcw2g",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "honeywell",
        "version": null
      },
      {
        "model": "h2w2pc1m",
        "scope": null,
        "trust": 0.8,
        "vendor": "honeywell",
        "version": null
      },
      {
        "model": "h2w2per3",
        "scope": null,
        "trust": 0.8,
        "vendor": "honeywell",
        "version": null
      },
      {
        "model": "h2w4per3",
        "scope": null,
        "trust": 0.8,
        "vendor": "honeywell",
        "version": null
      },
      {
        "model": "h4w2per2",
        "scope": null,
        "trust": 0.8,
        "vendor": "honeywell",
        "version": null
      },
      {
        "model": "h4w2per3",
        "scope": null,
        "trust": 0.8,
        "vendor": "honeywell",
        "version": null
      },
      {
        "model": "h4w4per2",
        "scope": null,
        "trust": 0.8,
        "vendor": "honeywell",
        "version": null
      },
      {
        "model": "h4w4per3",
        "scope": null,
        "trust": 0.8,
        "vendor": "honeywell",
        "version": null
      },
      {
        "model": "h4w8pr2",
        "scope": null,
        "trust": 0.8,
        "vendor": "honeywell",
        "version": null
      },
      {
        "model": "hbd2per1",
        "scope": null,
        "trust": 0.8,
        "vendor": "honeywell",
        "version": null
      },
      {
        "model": "hbw2per1",
        "scope": null,
        "trust": 0.8,
        "vendor": "honeywell",
        "version": null
      },
      {
        "model": "equip h3w2gr1",
        "scope": null,
        "trust": 0.6,
        "vendor": "honeywell",
        "version": null
      },
      {
        "model": "equip h3w2gr1v",
        "scope": null,
        "trust": 0.6,
        "vendor": "honeywell",
        "version": null
      },
      {
        "model": "equip h2w2gr1",
        "scope": null,
        "trust": 0.6,
        "vendor": "honeywell",
        "version": null
      },
      {
        "model": "performance h2w2pc1m",
        "scope": null,
        "trust": 0.6,
        "vendor": "honeywell",
        "version": null
      },
      {
        "model": "performance h2w2per3",
        "scope": null,
        "trust": 0.6,
        "vendor": "honeywell",
        "version": null
      },
      {
        "model": "performance h2w2prv3",
        "scope": null,
        "trust": 0.6,
        "vendor": "honeywell",
        "version": null
      },
      {
        "model": "recorder hen04102",
        "scope": null,
        "trust": 0.6,
        "vendor": "honeywell",
        "version": null
      },
      {
        "model": "recorder hen04112",
        "scope": null,
        "trust": 0.6,
        "vendor": "honeywell",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-37482"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-011475"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-18226"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:honeywell:h2w2pc1m_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:honeywell:h2w2per3_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:honeywell:h2w4per3_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:honeywell:h4w2per2_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:honeywell:h4w2per3_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:honeywell:h4w4per2_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:honeywell:h4w4per3_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:honeywell:h4w8pr2_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:honeywell:hbd2per1_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:honeywell:hbw2per1_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-011475"
      }
    ]
  },
  "cve": "CVE-2019-18226",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2019-18226",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2020-37482",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2019-18226",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2019-18226",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-18226",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "CVE-2019-18226",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-37482",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201910-1918",
            "trust": 0.6,
            "value": "CRITICAL"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-37482"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-011475"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-1918"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-18226"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Honeywell equIP series and Performance series IP cameras and recorders, A vulnerability exists in the affected products where IP cameras and recorders have a potential replay attack vulnerability as a weak authentication method is retained for compatibility with legacy products. Honeywell equIP, etc. are products of American Honeywell (Honeywell) company. Honeywell equIP is an equIP series IP camera product. Honeywell Performance is a Performance series IP camera product. Honeywell Recorders is a Recorders series network video recorder product",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-18226"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-011475"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-37482"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-18226",
        "trust": 3.0
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-19-304-04",
        "trust": 3.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-011475",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-37482",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.4069",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-1918",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-37482"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-011475"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-1918"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-18226"
      }
    ]
  },
  "id": "VAR-201910-0897",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-37482"
      }
    ],
    "trust": 1.5090909181818182
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS",
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-37482"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:16:48.425000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "https://www.honeywell.com/"
      },
      {
        "title": "Patch for Honeywell equIP series, Performance series IP cameras and Recorders authentication bypass vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/225035"
      },
      {
        "title": "Honeywell equIP series, Performance series IP Camera and Recorders Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=101818"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-37482"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-011475"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-1918"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-294",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-011475"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-18226"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.0,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-19-304-04"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18226"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18226"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.4069/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-37482"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-011475"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-1918"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-18226"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-37482"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-011475"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-1918"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-18226"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-07-09T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-37482"
      },
      {
        "date": "2019-11-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-011475"
      },
      {
        "date": "2019-10-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201910-1918"
      },
      {
        "date": "2019-10-31T22:15:10.800000",
        "db": "NVD",
        "id": "CVE-2019-18226"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-07-09T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-37482"
      },
      {
        "date": "2019-12-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-011475"
      },
      {
        "date": "2020-04-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201910-1918"
      },
      {
        "date": "2024-11-21T04:32:52.597000",
        "db": "NVD",
        "id": "CVE-2019-18226"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-1918"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  Honeywell In product  Capture-replay Authentication bypass vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-011475"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-1918"
      }
    ],
    "trust": 0.6
  }
}

CVE-2019-18226 (GCVE-0-2019-18226)

Vulnerability from cvelistv5 – Published: 2019-10-31 21:21 – Updated: 2024-08-05 01:47

Summary

Severity ?

No CVSS data available.

CWE

CWE-294 - AUTHENTICATION BYPASS BY CAPTURE-REPLAY CWE-294

Assigner

icscert

References

URL

Tags

https://www.us-cert.gov/ics/advisories/icsa-19-304-04

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	Honeywell equIP series cameras, Honeywell Performance series IP cameras, Honeywell recorders	Affected: H2W2GR1 1.000.0000.19.20190819, H3W2GR1 1.000.HW00.21.20190812, H3W2GR1V 1.000.0000.19.20190819, H3W2GR2 1.000.HW00.21.20190812, H3W4GR1 1.000.HW00.21.20190812, H3W4GR1V 1.000.0000.19.20190819, H4D8GR1 2.420.HW00.12.20190819, H4L2GR1 2.420.HW01.33.20190812, H4L2GR1V 1.000.0000.19.20190819, H4L6GR2 1.000.HW02.8.20190813, H4W2GR1 1.000.HW00.21.20190812, H4W2GR1V 1.000.0000.19.20190819, H4W2GR2 1.000.HW00.21.20190812, H4W4GR1 1.000.HW00.21.20190812, H4W4GR1V 1.000.0000.19.20190819, HBD8GR1 2.420.HW00.12.20190819, HBL2GR1 2.420.HW01.33.20190812, HBL2GR1V 1.000.0000.19.20190819, HBL6GR2 1.000.HW02.8.20190813, HBW2GR1 1.000.HW00.21.20190812, HBW2GR1V 1.000.0000.19.20190819, HBW2GR3 1.000.HW00.21.20190812, HBW2GR3V 1.000.0000.19.20190819, HBW4GR1 1.000.HW00.21.20190812, HBW4GR1V 1.000.0000.19.20190819, HCD8G 2.420.HW00.12.20190819, HCL2G 2.420.HW01.33.20190812, HCL2GV 1.000.0000.19.20190819, HCPB302 1.000.0040.3.20190820, HCW2G 1.000.HW00.21.20190812, HCW2GV 1.000.0000.19.20190819, HCW4G 1.000.HW00.2 ...[truncated] Affected:* H2W2PC1M 1.000.HW01.3.20190820, H2W2PER3 1.000.HW01.3.20190820, H2W2PRV3 1.000.HW01.1.190813, H2W4PER3 1.000.HW01.3.20190820, H2W4PRV3 1.000.HW01.1.190813, H4D3PRV2 1.000.HW01.1.190814, H4D3PRV3 1.000.HW01.1.190814, H4D8PR1 1.000.HW01.3.20190820, H4W2PER2 1.000.HW01.3.20190820, H4W2PER3 1.000.HW01.3.20190820, H4W2PRV2 1.000.HW01.1.190814, H4W4PER2 1.000.HW01.3.20190820, H4W4PER3 1.000.HW01.3.20190820, H4W4PRV2 1.000.HW01.1.190814, H4W4PRV3 1.000.HW01.1.190813, H4W8PR2 1.000.HW01.3.20190820, HBD2PER1 1.000.HW01.3.20190820, HBD3PR1 1.000.HW01.1.190814, HBD3PR2 1.000.HW01.1.190814, HBD8PR1 1.000.HW01.3.20190820, HBW2PER1 1.000.HW01.3.20190820, HBW2PER2 1.000.HW01.3.20190820, HBW2PR1 1.000.HW01.1.190813, HBW2PR2 1.000.HW01.1.190814, HBW4PER1 1.000.HW01.3.20190820, HBW4PER2 1.000.HW01.3.20190820, HBW4PR1 1.000.HW01.1.190813, HBW4PR2 1.000.HW01.1.190814, HBW8PR2 1.000.HW01.3.20190820, HDZP252DI 1.000.HW02.4.20190813, HDZP304DI 1.000.HW10.5.20190812, HED2PER3 1.000.HW01.3.20190820, HED3PR3 1.000.HW01 ...[truncated] Affected:* HEN04102 2.000.HW00.0.R.20190823, HEN04112 2.000.HW00.0.R.20190823, HEN04122 2.000.HW00.0.R.20190823, HEN08102 2.000.HW00.0.R.20190823, HEN08112 2.000.HW00.0.R.20190823, HEN08122 2.000.HW00.0.R.20190823, HEN08142 2.000.HW00.0.R.20190823, HEN08162 2.000.HW00.0.R.20190823, HEN16102 2.000.HW00.0.R.20190823, HEN16122 2.000.HW00.0.R.20190823, HEN16142 2.000.HW00.0.R.20190823, HEN16162 2.000.HW00.0.R.20190823, HEN04103 3.215.00HW001.2.20190821, HEN04113 3.215.00HW001.2.20190821, HEN04123 3.215.00HW001.2.20190821, HEN08103 3.215.00HW001.2.20190821, HEN08113 3.215.00HW001.2.20190821, HEN08123 3.215.00HW001.2.20190821, HEN08143 3.215.00HW001.2.20190821, HEN16103 3.215.00HW001.2.20190821, HEN16123 3.215.00HW001.2.20190821, HEN16143 3.215.00HW001.2.20190821, HEN16163 3.215.00HW001.2.20190821, HEN04103L 3.215.00HW001.2.20190821, HEN08103L 3.215.00HW001.2.20190821, HEN16103L 3.215.00HW001.2.20190821, HEN32103L 3.215.00HW001.2.20190821, HEN08104 3.215.00HW002.2.20190829, HEN08144 3.215.00HW002.2.20190829, H ...[truncated*]

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T01:47:14.078Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.us-cert.gov/ics/advisories/icsa-19-304-04"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Honeywell equIP series cameras, Honeywell Performance series IP cameras, Honeywell recorders",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "H2W2GR1 1.000.0000.19.20190819, H3W2GR1 1.000.HW00.21.20190812, H3W2GR1V 1.000.0000.19.20190819, H3W2GR2 1.000.HW00.21.20190812, H3W4GR1 1.000.HW00.21.20190812, H3W4GR1V 1.000.0000.19.20190819, H4D8GR1 2.420.HW00.12.20190819, H4L2GR1 2.420.HW01.33.20190812, H4L2GR1V 1.000.0000.19.20190819, H4L6GR2 1.000.HW02.8.20190813, H4W2GR1 1.000.HW00.21.20190812, H4W2GR1V 1.000.0000.19.20190819, H4W2GR2 1.000.HW00.21.20190812, H4W4GR1 1.000.HW00.21.20190812, H4W4GR1V 1.000.0000.19.20190819, HBD8GR1 2.420.HW00.12.20190819, HBL2GR1 2.420.HW01.33.20190812, HBL2GR1V 1.000.0000.19.20190819, HBL6GR2 1.000.HW02.8.20190813, HBW2GR1 1.000.HW00.21.20190812, HBW2GR1V 1.000.0000.19.20190819, HBW2GR3 1.000.HW00.21.20190812, HBW2GR3V 1.000.0000.19.20190819, HBW4GR1 1.000.HW00.21.20190812, HBW4GR1V 1.000.0000.19.20190819, HCD8G 2.420.HW00.12.20190819, HCL2G 2.420.HW01.33.20190812, HCL2GV 1.000.0000.19.20190819, HCPB302 1.000.0040.3.20190820, HCW2G 1.000.HW00.21.20190812, HCW2GV 1.000.0000.19.20190819, HCW4G 1.000.HW00.2 ...[truncated*]"
            },
            {
              "status": "affected",
              "version": "H2W2PC1M 1.000.HW01.3.20190820, H2W2PER3 1.000.HW01.3.20190820, H2W2PRV3 1.000.HW01.1.190813, H2W4PER3 1.000.HW01.3.20190820, H2W4PRV3 1.000.HW01.1.190813, H4D3PRV2 1.000.HW01.1.190814, H4D3PRV3 1.000.HW01.1.190814, H4D8PR1 1.000.HW01.3.20190820, H4W2PER2 1.000.HW01.3.20190820, H4W2PER3 1.000.HW01.3.20190820, H4W2PRV2 1.000.HW01.1.190814, H4W4PER2 1.000.HW01.3.20190820, H4W4PER3 1.000.HW01.3.20190820, H4W4PRV2 1.000.HW01.1.190814, H4W4PRV3 1.000.HW01.1.190813, H4W8PR2 1.000.HW01.3.20190820, HBD2PER1 1.000.HW01.3.20190820, HBD3PR1 1.000.HW01.1.190814, HBD3PR2 1.000.HW01.1.190814, HBD8PR1 1.000.HW01.3.20190820, HBW2PER1 1.000.HW01.3.20190820, HBW2PER2 1.000.HW01.3.20190820, HBW2PR1 1.000.HW01.1.190813, HBW2PR2 1.000.HW01.1.190814, HBW4PER1 1.000.HW01.3.20190820, HBW4PER2 1.000.HW01.3.20190820, HBW4PR1 1.000.HW01.1.190813, HBW4PR2 1.000.HW01.1.190814, HBW8PR2 1.000.HW01.3.20190820, HDZP252DI 1.000.HW02.4.20190813, HDZP304DI 1.000.HW10.5.20190812, HED2PER3 1.000.HW01.3.20190820, HED3PR3 1.000.HW01 ...[truncated*]"
            },
            {
              "status": "affected",
              "version": "HEN04102 2.000.HW00.0.R.20190823, HEN04112 2.000.HW00.0.R.20190823, HEN04122 2.000.HW00.0.R.20190823, HEN08102 2.000.HW00.0.R.20190823, HEN08112 2.000.HW00.0.R.20190823, HEN08122 2.000.HW00.0.R.20190823, HEN08142 2.000.HW00.0.R.20190823, HEN08162 2.000.HW00.0.R.20190823, HEN16102 2.000.HW00.0.R.20190823, HEN16122 2.000.HW00.0.R.20190823, HEN16142 2.000.HW00.0.R.20190823, HEN16162 2.000.HW00.0.R.20190823, HEN04103 3.215.00HW001.2.20190821, HEN04113 3.215.00HW001.2.20190821, HEN04123 3.215.00HW001.2.20190821, HEN08103 3.215.00HW001.2.20190821, HEN08113 3.215.00HW001.2.20190821, HEN08123 3.215.00HW001.2.20190821, HEN08143 3.215.00HW001.2.20190821, HEN16103 3.215.00HW001.2.20190821, HEN16123 3.215.00HW001.2.20190821, HEN16143 3.215.00HW001.2.20190821, HEN16163 3.215.00HW001.2.20190821, HEN04103L 3.215.00HW001.2.20190821, HEN08103L 3.215.00HW001.2.20190821, HEN16103L 3.215.00HW001.2.20190821, HEN32103L 3.215.00HW001.2.20190821, HEN08104 3.215.00HW002.2.20190829, HEN08144 3.215.00HW002.2.20190829, H ...[truncated*]"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Honeywell equIP series and Performance series IP cameras and recorders, A vulnerability exists in the affected products where IP cameras and recorders have a potential replay attack vulnerability as a weak authentication method is retained for compatibility with legacy products."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-294",
              "description": "AUTHENTICATION BYPASS BY CAPTURE-REPLAY CWE-294",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-10-31T21:21:04",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.us-cert.gov/ics/advisories/icsa-19-304-04"
        }
      ],
      "x_ConverterErrors": {
        "version_name": {
          "error": "version_name too long. Use array of versions to record more than one version.",
          "message": "Truncated!"
        }
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2019-18226",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Honeywell equIP series cameras, Honeywell Performance series IP cameras, Honeywell recorders",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "H2W2GR1 1.000.0000.19.20190819, H3W2GR1 1.000.HW00.21.20190812, H3W2GR1V 1.000.0000.19.20190819, H3W2GR2 1.000.HW00.21.20190812, H3W4GR1 1.000.HW00.21.20190812, H3W4GR1V 1.000.0000.19.20190819, H4D8GR1 2.420.HW00.12.20190819, H4L2GR1 2.420.HW01.33.20190812, H4L2GR1V 1.000.0000.19.20190819, H4L6GR2 1.000.HW02.8.20190813, H4W2GR1 1.000.HW00.21.20190812, H4W2GR1V 1.000.0000.19.20190819, H4W2GR2 1.000.HW00.21.20190812, H4W4GR1 1.000.HW00.21.20190812, H4W4GR1V 1.000.0000.19.20190819, HBD8GR1 2.420.HW00.12.20190819, HBL2GR1 2.420.HW01.33.20190812, HBL2GR1V 1.000.0000.19.20190819, HBL6GR2 1.000.HW02.8.20190813, HBW2GR1 1.000.HW00.21.20190812, HBW2GR1V 1.000.0000.19.20190819, HBW2GR3 1.000.HW00.21.20190812, HBW2GR3V 1.000.0000.19.20190819, HBW4GR1 1.000.HW00.21.20190812, HBW4GR1V 1.000.0000.19.20190819, HCD8G 2.420.HW00.12.20190819, HCL2G 2.420.HW01.33.20190812, HCL2GV 1.000.0000.19.20190819, HCPB302 1.000.0040.3.20190820, HCW2G 1.000.HW00.21.20190812, HCW2GV 1.000.0000.19.20190819, HCW4G 1.000.HW00.21.20190812, HDZ302D 1.000.0043.6.20190820, HDZ302DE 1.000.0043.6.20190820, HDZ302DIN 1.000.0043.6.20190820, HDZ302DIN-C1 1.000.0043.6.20190820, HDZ302DIN-S1 1.000.0043.6.20190820, HDZ302LIK 1.000.0062.3.20190816, HDZ302LIW 1.000.0062.3.20190816, HEPB302W01A04 1.000.0040.3.20190820, HEPB302W01A10 1.000.0040.3.20190820, HEPZ302W0 1.000.0039.3.20190820, HFD6GR1 1.000.HW00.12.20190819, HFD8GR1 1.000.HW00.12.20190819, HM4L8GR1 1.000.HW02.8.20190813, HMBL8GR1 1.000.HW02.8.20190813, HSW2G1 2.460.HW00.5.R.20190827, HSW2G1 2.460.HW00.5.R.20190827, HSWB2G1 2.460.HW00.5.R.20190827, HSWB2G1 2.460.HW00.5.R.20190827"
                          },
                          {
                            "version_value": "H2W2PC1M 1.000.HW01.3.20190820, H2W2PER3 1.000.HW01.3.20190820, H2W2PRV3 1.000.HW01.1.190813, H2W4PER3 1.000.HW01.3.20190820, H2W4PRV3 1.000.HW01.1.190813, H4D3PRV2 1.000.HW01.1.190814, H4D3PRV3 1.000.HW01.1.190814, H4D8PR1 1.000.HW01.3.20190820, H4W2PER2 1.000.HW01.3.20190820, H4W2PER3 1.000.HW01.3.20190820, H4W2PRV2 1.000.HW01.1.190814, H4W4PER2 1.000.HW01.3.20190820, H4W4PER3 1.000.HW01.3.20190820, H4W4PRV2 1.000.HW01.1.190814, H4W4PRV3 1.000.HW01.1.190813, H4W8PR2 1.000.HW01.3.20190820, HBD2PER1 1.000.HW01.3.20190820, HBD3PR1 1.000.HW01.1.190814, HBD3PR2 1.000.HW01.1.190814, HBD8PR1 1.000.HW01.3.20190820, HBW2PER1 1.000.HW01.3.20190820, HBW2PER2 1.000.HW01.3.20190820, HBW2PR1 1.000.HW01.1.190813, HBW2PR2 1.000.HW01.1.190814, HBW4PER1 1.000.HW01.3.20190820, HBW4PER2 1.000.HW01.3.20190820, HBW4PR1 1.000.HW01.1.190813, HBW4PR2 1.000.HW01.1.190814, HBW8PR2 1.000.HW01.3.20190820, HDZP252DI 1.000.HW02.4.20190813, HDZP304DI 1.000.HW10.5.20190812, HED2PER3 1.000.HW01.3.20190820, HED3PR3 1.000.HW01.1.190814, HED8PR1 1.000.HW01.3.20190820, HEW2PER2 1.000.HW01.3.20190820, HEW2PER3 1.000.HW01.3.20190820, HEW2PR1 1.000.HW01.1.190813, HEW2PR2 1.000.HW01.1.190814, HEW2PRW1 1.000.HW01.1.190813, HEW4PER2 1.000.HW01.3.20190820, HEW4PER2B 1.000.HW01.3.20190820, HEW4PER3 1.000.HW01.3.20190820, HEW4PER3B 1.000.HW01.3.20190820, HEW4PR2 1.000.HW01.1.190814, HEW4PR3 1.000.HW01.1.190813, HEW4PRW3 1.000.HW01.1.190813, HFD5PR1 1.000.HW01.1.20190822, HPW2P1 1.000.HW01.3.20190820"
                          },
                          {
                            "version_value": "HEN04102 2.000.HW00.0.R.20190823, HEN04112 2.000.HW00.0.R.20190823, HEN04122 2.000.HW00.0.R.20190823, HEN08102 2.000.HW00.0.R.20190823, HEN08112 2.000.HW00.0.R.20190823, HEN08122 2.000.HW00.0.R.20190823, HEN08142 2.000.HW00.0.R.20190823, HEN08162 2.000.HW00.0.R.20190823, HEN16102 2.000.HW00.0.R.20190823, HEN16122 2.000.HW00.0.R.20190823, HEN16142 2.000.HW00.0.R.20190823, HEN16162 2.000.HW00.0.R.20190823, HEN04103 3.215.00HW001.2.20190821, HEN04113 3.215.00HW001.2.20190821, HEN04123 3.215.00HW001.2.20190821, HEN08103 3.215.00HW001.2.20190821, HEN08113 3.215.00HW001.2.20190821, HEN08123 3.215.00HW001.2.20190821, HEN08143 3.215.00HW001.2.20190821, HEN16103 3.215.00HW001.2.20190821, HEN16123 3.215.00HW001.2.20190821, HEN16143 3.215.00HW001.2.20190821, HEN16163 3.215.00HW001.2.20190821, HEN04103L 3.215.00HW001.2.20190821, HEN08103L 3.215.00HW001.2.20190821, HEN16103L 3.215.00HW001.2.20190821, HEN32103L 3.215.00HW001.2.20190821, HEN08104 3.215.00HW002.2.20190829, HEN08144 3.215.00HW002.2.20190829, HEN081124 3.215.00HW002.2.20190829, HEN16104 3.215.00HW002.2.20190829, HEN16144 3.215.00HW002.2.20190829, HEN16184 3.215.00HW002.2.20190829, HEN32104 3.215.00HW002.2.20190829, HEN321124 3.215.00HW002.2.20190829, HEN16204 3.215.00HW002.2.20190829, HEN16284 3.215.00HW002.2.20190829, HEN162244 3.215.00HW002.2.20190829, HEN32204 3.215.00HW002.2.20190829, HEN32284 3.215.00HW002.2.20190829, HEN322164 3.215.00HW002.2.20190829, HEN64204 3.215.00HW002.2.20190829, HEN642164 3.215.00HW002.2.20190829, HEN16304 3.215.00HW002.2.20190829, HEN16384 3.215.00HW002.2.20190829, HEN32304 3.215.00HW002.2.20190829, HEN32384 3.215.00HW002.2.20190829, HEN323164 3.215.00HW002.2.20190829, HEN64304 3.215.00HW002.2.20190829, HEN643164 3.215.00HW002.2.20190829, HEN643324 3.215.00HW002.2.20190829, HEN643484 3.215.00HW002.2.20190829, HRHT4040 1.000.00HW001.2.190822, HRHT4041 1.000.00HW001.2.190822, HRHT4042 1.000.00HW001.2.190822, HRHT4080 1.000.00HW001.2.190822, HRHT4082 1.000.00HW001.2.190822, HRHT4084 1.000.00HW001.2.190822, HRHT4160 1.000.00HW001.2.190822, HRHT4162 1.000.00HW001.2.190822, HRHT4164 1.000.00HW001.2.190822, HRHT4166 1.000.00HW001.2.190822, HRHT41612 1.000.00HW001.2.190822, HRHQ1040 1.000.00HW001.1.190822, HRHQ1040L 1.000.00HW001.1.190822, HRHQ1041 1.000.00HW001.1.190822, HRHQ1080 1.000.00HW001.1.190822, HRHQ1080L 1.000.00HW001.1.190822, HRHQ1081 1.000.00HW001.1.190822, HRHQ1082 1.000.00HW001.1.190822, HRHQ1160 1.000.00HW001.1.190822, HRHQ1161 1.000.00HW001.1.190822, HRHQ1162 1.000.00HW001.1.190822, HRHQ1164 1.000.00HW001.1.190822"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Honeywell equIP series and Performance series IP cameras and recorders, A vulnerability exists in the affected products where IP cameras and recorders have a potential replay attack vulnerability as a weak authentication method is retained for compatibility with legacy products."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "AUTHENTICATION BYPASS BY CAPTURE-REPLAY CWE-294"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.us-cert.gov/ics/advisories/icsa-19-304-04",
              "refsource": "MISC",
              "url": "https://www.us-cert.gov/ics/advisories/icsa-19-304-04"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2019-18226",
    "datePublished": "2019-10-31T21:21:04",
    "dateReserved": "2019-10-22T00:00:00",
    "dateUpdated": "2024-08-05T01:47:14.078Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

VAR-201910-0897

CVE-2019-18226 (GCVE-0-2019-18226)

Tags

Sightings

Nomenclature