5.3
CVE-2019-13523
- EPSS 0.27%
- Published 26.09.2019 16:15:11
- Last modified 21.11.2024 04:25:04
- Source ics-cert@hq.dhs.gov
- Teams watchlist Login
- Open Login
In Honeywell Performance IP Cameras and Performance NVRs, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data in JSON format for IP cameras and NVRs (Network Video Recorders), which can be accessed without authentication over the network. Affected performance IP Cameras: HBD3PR2,H4D3PRV3,HED3PR3,H4D3PRV2,HBD3PR1,H4W8PR2,HBW8PR2,H2W2PC1M,H2W4PER3,H2W2PER3,HEW2PER3,HEW4PER3B,HBW2PER1,HEW4PER2,HEW4PER2B,HEW2PER2,H4W2PER2,HBW2PER2,H4W2PER3, and HPW2P1. Affected Performance Series NVRs: HEN08104,HEN08144,HEN081124,HEN16104,HEN16144,HEN16184,HEN16204,HEN162244,HEN16284,HEN16304,HEN16384,HEN32104,HEN321124,HEN32204,HEN32284,HEN322164,HEN32304, HEN32384,HEN323164,HEN64204,HEN64304,HEN643164,HEN643324,HEN643484,HEN04103,HEN04113,HEN04123,HEN08103,HEN08113,HEN08123,HEN08143,HEN16103,HEN16123,HEN16143,HEN16163,HEN04103L,HEN08103L,HEN16103L,HEN32103L.
Data is provided by the National Vulnerability Database (NVD)
Honeywell ≫ Hbd3pr2 Firmware Version-
Honeywell ≫ H4d3prv3 Firmware Version-
Honeywell ≫ Hed3pr3 Firmware Version-
Honeywell ≫ H4d3prv2 Firmware Version-
Honeywell ≫ Hbd3pr1 Firmware Version-
Honeywell ≫ H4w8pr2 Firmware Version-
Honeywell ≫ Hbw8pr2 Firmware Version-
Honeywell ≫ H2w2pc1m Firmware Version-
Honeywell ≫ H2w4per3 Firmware Version-
Honeywell ≫ H2w2per3 Firmware Version-
Honeywell ≫ Hew2per3 Firmware Version-
Honeywell ≫ Hew4per3b Firmware Version-
Honeywell ≫ Hbw2per1 Firmware Version-
Honeywell ≫ Hew4per2 Firmware Version-
Honeywell ≫ Hew4per2b Firmware Version-
Honeywell ≫ Hew2per2 Firmware Version-
Honeywell ≫ H4w2per2 Firmware Version-
Honeywell ≫ Hbw2per2 Firmware Version-
Honeywell ≫ H4w2per3 Firmware Version-
Honeywell ≫ Hpw2p1 Firmware Version-
Honeywell ≫ Hen08104 Firmware Version-
Honeywell ≫ Hen08144 Firmware Version-
Honeywell ≫ Hen081124 Firmware Version-
Honeywell ≫ Hen16104 Firmware Version-
Honeywell ≫ Hen16144 Firmware Version-
Honeywell ≫ Hen16184 Firmware Version-
Honeywell ≫ Hen16204 Firmware Version-
Honeywell ≫ Hen162244 Firmware Version-
Honeywell ≫ Hen16284 Firmware Version-
Honeywell ≫ Hen16304 Firmware Version-
Honeywell ≫ Hen16384 Firmware Version-
Honeywell ≫ Hen32104 Firmware Version-
Honeywell ≫ Hen321124 Firmware Version-
Honeywell ≫ Hen32204 Firmware Version-
Honeywell ≫ Hen32284 Firmware Version-
Honeywell ≫ Hen322164 Firmware Version-
Honeywell ≫ Hen32304 Firmware Version-
Honeywell ≫ Hen32384 Firmware Version-
Honeywell ≫ Hen323164 Firmware Version-
Honeywell ≫ Hen64204 Firmware Version-
Honeywell ≫ Hen64304 Firmware Version-
Honeywell ≫ Hen643164 Firmware Version-
Honeywell ≫ Hen643324 Firmware Version-
Honeywell ≫ Hen643484 Firmware Version-
Honeywell ≫ Hen04103 Firmware Version-
Honeywell ≫ Hen04113 Firmware Version-
Honeywell ≫ Hen04123 Firmware Version-
Honeywell ≫ Hen08103 Firmware Version-
Honeywell ≫ Hen08113 Firmware Version-
Honeywell ≫ Hen08123 Firmware Version-
Honeywell ≫ Hen08143 Firmware Version-
Honeywell ≫ Hen16103 Firmware Version-
Honeywell ≫ Hen16123 Firmware Version-
Honeywell ≫ Hen16143 Firmware Version-
Honeywell ≫ Hen16163 Firmware Version-
Honeywell ≫ Hen04103l Firmware Version-
Honeywell ≫ Hen08103l Firmware Version-
Honeywell ≫ Hen16103l Firmware Version-
Honeywell ≫ Hen32103l Firmware Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.27% | 0.501 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CWE-306 Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.