#VU21209 Improper access control in Honeywell International, Inc products - CVE-2019-13523
Published: September 19, 2019
Vulnerability identifier: #VU21209
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2019-13523
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
HEN32103L
HEN16103L
HEN08103L
HEN04103L
HEN16163
HEN16143
HEN16123
HEN16103
HEN08143
HEN08123
HEN08113
HEN08103
HEN04123
HEN04113
HEN04103
HEN643484
HEN643324
HEN643164
HEN64304
HEN64204
HEN323164
HEN32384
HEN32304
HEN322164
HEN32284
HEN32204
HEN321124
HEN32104
HEN16384
HEN16304
HEN16284
HEN162244
HEN16204
HEN16184
HEN16144
HEN16104
HEN081124
HEN08144
HEN08104
HPW2P1
H4W2PER3
HBW2PER2
H4W2PER2
HEW2PER2
HEW4PER2B
HEW4PER2
HBW2PER1
HEW4PER3B
HEW2PER3
H2W2PER3
H2W4PEr3
H2W2PC1M
HBW8PR2
H4W8PR2
HBD3PR1
H4D3PRV2
HED3PR3
H4D3PRV3
HBD3PR2
HEN32103L
HEN16103L
HEN08103L
HEN04103L
HEN16163
HEN16143
HEN16123
HEN16103
HEN08143
HEN08123
HEN08113
HEN08103
HEN04123
HEN04113
HEN04103
HEN643484
HEN643324
HEN643164
HEN64304
HEN64204
HEN323164
HEN32384
HEN32304
HEN322164
HEN32284
HEN32204
HEN321124
HEN32104
HEN16384
HEN16304
HEN16284
HEN162244
HEN16204
HEN16184
HEN16144
HEN16104
HEN081124
HEN08144
HEN08104
HPW2P1
H4W2PER3
HBW2PER2
H4W2PER2
HEW2PER2
HEW4PER2B
HEW4PER2
HBW2PER1
HEW4PER3B
HEW2PER3
H2W2PER3
H2W4PEr3
H2W2PC1M
HBW8PR2
H4W8PR2
HBD3PR1
H4D3PRV2
HED3PR3
H4D3PRV3
HBD3PR2
Software vendor:
Honeywell International, Inc
Honeywell International, Inc
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to the integrated web server of the affected devices allows to obtain web configuration data in JSON format for IP cameras and NVRs (Network Video Recorders). A remote attacker can gain unauthorized access to view device configuration information.
Remediation
Contact vendor to obtain firmware update packages.