RSS   Vulnerabilities for 'Tuxedo touch'   RSS

2015-07-26
 
CVE-2015-2848

 

 
Cross-site request forgery (CSRF) vulnerability in Honeywell Tuxedo Touch before 5.2.19.0_VA allows remote attackers to hijack the authentication of arbitrary users for requests associated with home-automation commands, as demonstrated by a door-unlock command.

 
 
CVE-2015-2847

 

 
Honeywell Tuxedo Touch before 5.2.19.0_VA relies on client-side authentication involving JavaScript, which allows remote attackers to bypass intended access restrictions by removing USERACCT requests from the client-server data stream.

 

 >>> Vendor: Honeywell 50 Products
Ademco atnbaseloader100 module
Scanserver activex control
Comfortpoint open manager station
Enterprise buildings integrator
Symmetre
Falcon xlweb linux controller
Falcon xlweb xlwebexe
Opos suite
Excel web xl 1000c1000 600 i/o
Excel web xl 1000c1000 600 i/o uukl
Excel web xl 1000c100 104 i/o
Excel web xl 1000c100u 104 i/o uukl
Excel web xl 1000c500 300 i/o
Excel web xl 1000c500 300 i/o uukl
Excel web xl 1000c50 52 i/o
Excel web xl 1000c50u 52 i/o uukl
Tuxedo touch
Midas black firmware
Midas firmware
Uniformance process history database
Xl web ii controller
Experion process knowledge system
Intermec pm23 firmware
Intermec pc42 firmware
Intermec pc23 firmware
Intermec pm43 firmware
Intermec pc43 firmware
Intermec pd43 firmware
Intermec pm42 firmware
Maxpro nvr pe firmware
Maxpro nvr se firmware
Enterprise dvr firmware
Maxpro nvr xe firmware
Maxpro nvr hybrid se firmware
Maxpro nvr hybrid xe firmware
Fusion iv rev c firmware
CK75
CN51
CN75
Cn75e
CN80
CT40
CT50
CT60
D75E
Eda50
Eda50k
Eda51
Eda60k
Eda70


Copyright 2019, cxsecurity.com

 

Back to Top