CVE-2019-18226

EPSS 0.18%
Published 31.10.2019 22:15:10
Last modified 21.11.2024 04:32:52
Source ics-cert@hq.dhs.gov
Teams watchlist Login
Open Login

Honeywell equIP series and Performance series IP cameras and recorders, A vulnerability exists in the affected products where IP cameras and recorders have a potential replay attack vulnerability as a weak authentication method is retained for compatibility with legacy products.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Honeywell ≫ H2w2pc1m Firmware Version-

Honeywell ≫ H2w2pc1m Version-

Honeywell ≫ H2w2per3 Firmware Version-

Honeywell ≫ H2w2per3 Version-

Honeywell ≫ H2w4per3 Firmware Version-

Honeywell ≫ H2w4per3 Version-

Honeywell ≫ H4w2per2 Firmware Version-

Honeywell ≫ H4w2per2 Version-

Honeywell ≫ H4w2per3 Firmware Version-

Honeywell ≫ H4w2per3 Version-

Honeywell ≫ H4w4per2 Firmware Version-

Honeywell ≫ H4w4per2 Version-

Honeywell ≫ H4w4per3 Firmware Version-

Honeywell ≫ H4w4per3 Version-

Honeywell ≫ H4w8pr2 Firmware Version-

Honeywell ≫ H4w8pr2 Version-

Honeywell ≫ Hbd2per1 Firmware Version-

Honeywell ≫ Hbd2per1 Version-

Honeywell ≫ Hbw2per1 Firmware Version-

Honeywell ≫ Hbw2per1 Version-

Honeywell ≫ Hbw2per2 Firmware Version-

Honeywell ≫ Hbw2per2 Version-

Honeywell ≫ Hbw4per1 Firmware Version-

Honeywell ≫ Hbw4per1 Version-

Honeywell ≫ Hbw4per2 Firmware Version-

Honeywell ≫ Hbw4per2 Version-

Honeywell ≫ Hbw4pgr1 Firmware Version-

Honeywell ≫ Hbw4pgr1 Version-

Honeywell ≫ Hbw8pr2 Firmware Version-

Honeywell ≫ Hbw8pr2 Version-

Honeywell ≫ Hed2per3 Firmware Version-

Honeywell ≫ Hed2per3 Version-

Honeywell ≫ Hew2per2 Firmware Version-

Honeywell ≫ Hew2per2 Version-

Honeywell ≫ Hew2per3 Firmware Version-

Honeywell ≫ Hew2per3 Version-

Honeywell ≫ Hew4per2b Firmware Version-

Honeywell ≫ Hew4per2b Version-

Honeywell ≫ Hew4per3 Firmware Version-

Honeywell ≫ Hew4per3 Version-

Honeywell ≫ Hew4per3b Firmware Version-

Honeywell ≫ Hew4per3b Version-

Honeywell ≫ Hew4per2b Firmware Version-

Honeywell ≫ Hew4per2b Version-

Honeywell ≫ Hdzp252di Firmware Version-

Honeywell ≫ Hdzp252di Version-

Honeywell ≫ Hdzp304di Firmware Version-

Honeywell ≫ Hdzp304di Version-

Honeywell ≫ Hpw2p1 Firmware Version-

Honeywell ≫ Hpw2p1 Version-

Honeywell ≫ H2w2gr1 Firmware Version-

Honeywell ≫ H2w2gr1 Version-

Honeywell ≫ H3w2gr1v Firmware Version-

Honeywell ≫ H3w2gr1v Version-

Honeywell ≫ H3w4gr1v Firmware Version-

Honeywell ≫ H3w4gr1v Version-

Honeywell ≫ H3w2gr1 Firmware Version-

Honeywell ≫ H3w2gr1 Version-

Honeywell ≫ H3w2gr2 Firmware Version-

Honeywell ≫ H3w2gr2 Version-

Honeywell ≫ H3w4gr1 Firmware Version-

Honeywell ≫ H3w4gr1 Version-

Honeywell ≫ H4l2gr1v Firmware Version-

Honeywell ≫ H4l2gr1v Version-

Honeywell ≫ H4w2gr1 Firmware Version-

Honeywell ≫ H4w2gr1 Version-

Honeywell ≫ H4w2gr1v Firmware Version-

Honeywell ≫ H4w2gr1v Version-

Honeywell ≫ H4w4gr1v Firmware Version-

Honeywell ≫ H4w4gr1v Version-

Honeywell ≫ H4l2gr1 Firmware Version-

Honeywell ≫ H4l2gr1 Version-

Honeywell ≫ H4w2gr2 Firmware Version-

Honeywell ≫ H4w2gr2 Version-

Honeywell ≫ H4w4gr1 Firmware Version-

Honeywell ≫ H4w4gr1 Version-

Honeywell ≫ H4l6gr2 Firmware Version-

Honeywell ≫ H4l6gr2 Version-

Honeywell ≫ Hm4l8gr1 Firmware Version-

Honeywell ≫ Hm4l8gr1 Version-

Honeywell ≫ H4d8gr1 Firmware Version-

Honeywell ≫ H4d8gr1 Version-

Honeywell ≫ Hbl2gr1v Firmware Version-

Honeywell ≫ Hbl2gr1v Version-

Honeywell ≫ Hbw2gr1v Firmware Version-

Honeywell ≫ Hbw2gr1v Version-

Honeywell ≫ Hbw2gr3v Firmware Version-

Honeywell ≫ Hbw2gr3v Version-

Honeywell ≫ Hbw4gr1v Firmware Version-

Honeywell ≫ Hbw4gr1v Version-

Honeywell ≫ Hbl6gr2 Firmware Version-

Honeywell ≫ Hbl6gr2 Version-

Honeywell ≫ Hmbl8gr1 Firmware Version-

Honeywell ≫ Hmbl8gr1 Version-

Honeywell ≫ Hbd8gr1 Firmware Version-

Honeywell ≫ Hbd8gr1 Version-

Honeywell ≫ Hfd6gr1 Firmware Version-

Honeywell ≫ Hfd6gr1 Version-

Honeywell ≫ Hfd8gr1 Firmware Version-

Honeywell ≫ Hfd8gr1 Version-

Honeywell ≫ Hdz302liw Firmware Version-

Honeywell ≫ Hdz302liw Version-

Honeywell ≫ Hdz302lik Firmware Version-

Honeywell ≫ Hdz302lik Version-

Honeywell ≫ Hdz302de Firmware Version-

Honeywell ≫ Hdz302de Version-

Honeywell ≫ Hdz302d Firmware Version-

Honeywell ≫ Hdz302d Version-

Honeywell ≫ Hdz302din-c1 Firmware Version-

Honeywell ≫ Hdz302din-c1 Version-

Honeywell ≫ Hdz302din-s1 Firmware Version-

Honeywell ≫ Hdz302din-s1 Version-

Honeywell ≫ Hepz302w0 Firmware Version-

Honeywell ≫ Hepz302w0 Version-

Honeywell ≫ Hcl2gv Firmware Version-

Honeywell ≫ Hcl2gv Version-

Honeywell ≫ Hcl2g Firmware Version-

Honeywell ≫ Hcl2g Version-

Honeywell ≫ Hcw2g Firmware Version-

Honeywell ≫ Hcw2g Version-

Honeywell ≫ Hcw4g Firmware Version-

Honeywell ≫ Hcw4g Version-

Honeywell ≫ Hcd8g Firmware Version-

Honeywell ≫ Hcd8g Version-

Honeywell ≫ Hsw2g1 Firmware Version-

Honeywell ≫ Hsw2g1 Version-

Honeywell ≫ Hswb2g1 Firmware Version-

Honeywell ≫ Hswb2g1 Version-

Honeywell ≫ Hcw2gv Firmware Version-

Honeywell ≫ Hcw2gv Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.18%	0.361

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-294 Authentication Bypass by Capture-replay

A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).

https://www.us-cert.gov/ics/advisories/icsa-19-304-04

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2019-18226

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-18226

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-18226

EUVD