Vulnerability CVE-2019-13523


Published: 2019-09-26

Description:
In Honeywell Performance IP Cameras and Performance NVRs, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data in JSON format for IP cameras and NVRs (Network Video Recorders), which can be accessed without authentication over the network.

Affected Performance IP Cameras: HBD3PR2, H4D3PRV3, HED3PR3, H4D3PRV2, HBD3PR1, H4W8PR2, HBW8PR2, H2W2PC1M, H2W4PER3, H2W2PER3, HEW2PER3, HEW4PER3B, HBW2PER1, HEW4PER2, HEW4PER2B, HEW2PER2, H4W2PER2, HBW2PER2, H4W2PER3, and HPW2P1.

Affected Performance Series NVRs: HEN08104, HEN08144, HEN081124, HEN16104, HEN16144, HEN16184, HEN16204, HEN162244, HEN16284, HEN16304, HEN16384, HEN32104, HEN321124, HEN32204, HEN32284, HEN322164, HEN32304, HEN32384, HEN323164, HEN64204, HEN64304, HEN643164, HEN643324, HEN643484, HEN04103, HEN04113, HEN04123, HEN08103, HEN08113, HEN08123, HEN08143, HEN16103, HEN16123, HEN16143, HEN16163, HEN04103L, HEN08103L, HEN16103L, HEN32103L.

Type: CWE-200 (Information Exposure)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

Affected software:
Honeywell -> Hen04103l firmware 
Honeywell -> Hen16144 firmware 
Honeywell -> Hen32384 firmware 
Honeywell -> H2w2pc1m firmware 
Honeywell -> Hen04113 firmware 
Honeywell -> Hen16163 firmware 
Honeywell -> Hen64204 firmware 
Honeywell -> H2w2per3 firmware 
Honeywell -> Hen04123 firmware 
Honeywell -> Hen16184 firmware 
Honeywell -> Hen64304 firmware 
Honeywell -> H2w4per3 firmware 
Honeywell -> Hen08103 firmware 
Honeywell -> Hen16204 firmware 
Honeywell -> Hen643164 firmware 
Honeywell -> H4d3prv2 firmware 
Honeywell -> Hen08103l firmware 
Honeywell -> Hen162244 firmware 
Honeywell -> Hen643324 firmware 
Honeywell -> H4d3prv3 firmware 
Honeywell -> Hen08104 firmware 
Honeywell -> Hen16284 firmware 
Honeywell -> Hen643484 firmware 
Honeywell -> H4w2per2 firmware 
Honeywell -> Hen081124 firmware 
Honeywell -> Hen16304 firmware 
Honeywell -> Hew2per2 firmware 
Honeywell -> H4w2per3 firmware 
Honeywell -> Hen08113 firmware 
Honeywell -> Hen16384 firmware 
Honeywell -> Hew2per3 firmware 
Honeywell -> H4w8pr2 firmware 
Honeywell -> Hen08123 firmware 
Honeywell -> Hen32103l firmware 
Honeywell -> Hew4per2 firmware 
Honeywell -> Hbd3pr1 firmware 
Honeywell -> Hen08143 firmware 
Honeywell -> Hen32104 firmware 
Honeywell -> Hew4per2b firmware 
Honeywell -> Hbd3pr2 firmware 
Honeywell -> Hen08144 firmware 
Honeywell -> Hen321124 firmware 
Honeywell -> Hew4per3b firmware 
Honeywell -> Hbw2per1 firmware 
Honeywell -> Hen16103 firmware 
Honeywell -> Hen32204 firmware 
Honeywell -> Hpw2p1 firmware 
Honeywell -> Hbw2per2 firmware 
Honeywell -> Hen16103l firmware 
Honeywell -> Hen322164 firmware 
Honeywell -> Hbw8pr2 firmware 
Honeywell -> Hen16104 firmware 
Honeywell -> Hen32284 firmware 
Honeywell -> Hed3pr3 firmware 
Honeywell -> Hen16123 firmware 
Honeywell -> Hen32304 firmware 
Honeywell -> Hen04103 firmware 
Honeywell -> Hen16143 firmware 
Honeywell -> Hen323164 firmware 

References:
https://www.us-cert.gov/ics/advisories/icsa-19-260-03

Copyright 2022, cxsecurity.com

 
