Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2019-18226
HistoryOct 31, 2019 - 10:15 p.m.

CVE-2019-18226

2019-10-3122:15:10
CWE-294
[email protected]
web.nvd.nist.gov
91
cve-2019-18226
honeywell
equip
performance series
ip cameras
recorders
replay attack
authentication vulnerability
nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.6%

JSON

Honeywell equIP series and Performance series IP cameras and recorders, A vulnerability exists in the affected products where IP cameras and recorders have a potential replay attack vulnerability as a weak authentication method is retained for compatibility with legacy products.

Affected configurations

NVD
Node
honeywellh2w2pc1m_firmwareMatch-
AND
honeywellh2w2pc1mMatch-
Node
honeywellh2w2per3_firmwareMatch-
AND
honeywellh2w2per3Match-
Node
honeywellh2w4per3_firmwareMatch-
AND
honeywellh2w4per3Match-
Node
honeywellh4w2per2_firmwareMatch-
AND
honeywellh4w2per2Match-
Node
honeywellh4w2per3_firmwareMatch-
AND
honeywellh4w2per3Match-
Node
honeywellh4w4per2_firmwareMatch-
AND
honeywellh4w4per2Match-
Node
honeywellh4w4per3_firmwareMatch-
AND
honeywellh4w4per3Match-
Node
honeywellh4w8pr2_firmwareMatch-
AND
honeywellh4w8pr2Match-
Node
honeywellhbd2per1_firmwareMatch-
AND
honeywellhbd2per1Match-
Node
honeywellhbw2per1_firmwareMatch-
AND
honeywellhbw2per1Match-
Node
honeywellhbw2per2_firmwareMatch-
AND
honeywellhbw2per2Match-
Node
honeywellhbw4per1_firmwareMatch-
AND
honeywellhbw4per1Match-
Node
honeywellhbw4per2_firmwareMatch-
AND
honeywellhbw4per2Match-
Node
honeywellhbw4pgr1_firmwareMatch-
AND
honeywellhbw4pgr1Match-
Node
honeywellhbw8pr2_firmwareMatch-
AND
honeywellhbw8pr2Match-
Node
honeywellhed2per3_firmwareMatch-
AND
honeywellhed2per3Match-
Node
honeywellhew2per2_firmwareMatch-
AND
honeywellhew2per2Match-
Node
honeywellhew2per3_firmwareMatch-
AND
honeywellhew2per3Match-
Node
honeywellhew4per2b_firmwareMatch-
AND
honeywellhew4per2bMatch-
Node
honeywellhew4per3_firmwareMatch-
AND
honeywellhew4per3Match-
Node
honeywellhew4per3b_firmwareMatch-
AND
honeywellhew4per3bMatch-
Node
honeywellhew4per2b_firmwareMatch-
AND
honeywellhew4per2bMatch-
Node
honeywellhdzp252di_firmwareMatch-
AND
honeywellhdzp252diMatch-
Node
honeywellhdzp304di_firmwareMatch-
AND
honeywellhdzp304diMatch-
Node
honeywellhpw2p1_firmwareMatch-
AND
honeywellhpw2p1Match-
Node
honeywellh2w2gr1_firmwareMatch-
AND
honeywellh2w2gr1Match-
Node
honeywellh3w2gr1v_firmwareMatch-
AND
honeywellh3w2gr1vMatch-
Node
honeywellh3w4gr1v_firmwareMatch-
AND
honeywellh3w4gr1vMatch-
Node
honeywellh3w2gr1_firmwareMatch-
AND
honeywellh3w2gr1Match-
Node
honeywellh3w2gr2_firmwareMatch-
AND
honeywellh3w2gr2Match-
Node
honeywellh3w4gr1_firmwareMatch-
AND
honeywellh3w4gr1Match-
Node
honeywellh4l2gr1v_firmwareMatch-
AND
honeywellh4l2gr1vMatch-
Node
honeywellh4w2gr1_firmwareMatch-
AND
honeywellh4w2gr1Match-
Node
honeywellh4w2gr1v_firmwareMatch-
AND
honeywellh4w2gr1vMatch-
Node
honeywellh4w4gr1v_firmwareMatch-
AND
honeywellh4w4gr1vMatch-
Node
honeywellh4l2gr1_firmwareMatch-
AND
honeywellh4l2gr1Match-
Node
honeywellh4w2gr2_firmwareMatch-
AND
honeywellh4w2gr2Match-
Node
honeywellh4w4gr1_firmwareMatch-
AND
honeywellh4w4gr1Match-
Node
honeywellh4l6gr2_firmwareMatch-
AND
honeywellh4l6gr2Match-
Node
honeywellhm4l8gr1_firmwareMatch-
AND
honeywellhm4l8gr1Match-
Node
honeywellh4d8gr1_firmwareMatch-
AND
honeywellh4d8gr1Match-
Node
honeywellhbl2gr1v_firmwareMatch-
AND
honeywellhbl2gr1vMatch-
Node
honeywellhbw2gr1v_firmwareMatch-
AND
honeywellhbw2gr1vMatch-
Node
honeywellhbw2gr3v_firmwareMatch-
AND
honeywellhbw2gr3vMatch-
Node
honeywellhbw4gr1v_firmwareMatch-
AND
honeywellhbw4gr1vMatch-
Node
honeywellhbl6gr2_firmwareMatch-
AND
honeywellhbl6gr2Match-
Node
honeywellhmbl8gr1_firmwareMatch-
AND
honeywellhmbl8gr1Match-
Node
honeywellhbd8gr1_firmwareMatch-
AND
honeywellhbd8gr1Match-
Node
honeywellhfd6gr1_firmwareMatch-
AND
honeywellhfd6gr1Match-
Node
honeywellhfd8gr1_firmwareMatch-
AND
honeywellhfd8gr1Match-
Node
honeywellhdz302liw_firmwareMatch-
AND
honeywellhdz302liwMatch-
Node
honeywellhdz302lik_firmwareMatch-
AND
honeywellhdz302likMatch-
Node
honeywellhdz302de_firmwareMatch-
AND
honeywellhdz302deMatch-
Node
honeywellhdz302d_firmwareMatch-
AND
honeywellhdz302dMatch-
Node
honeywellhdz302din-c1_firmwareMatch-
AND
honeywellhdz302din-c1Match-
Node
honeywellhdz302din-s1_firmwareMatch-
AND
honeywellhdz302din-s1Match-
Node
honeywellhepz302w0_firmwareMatch-
AND
honeywellhepz302w0Match-
Node
honeywellhcl2gv_firmwareMatch-
AND
honeywellhcl2gvMatch-
Node
honeywellhcl2g_firmwareMatch-
AND
honeywellhcl2gMatch-
Node
honeywellhcw2g_firmwareMatch-
AND
honeywellhcw2gMatch-
Node
honeywellhcw4g_firmwareMatch-
AND
honeywellhcw4gMatch-
Node
honeywellhcd8g_firmwareMatch-
AND
honeywellhcd8gMatch-
Node
honeywellhsw2g1_firmwareMatch-
AND
honeywellhsw2g1Match-
Node
honeywellhswb2g1_firmwareMatch-
AND
honeywellhswb2g1Match-
Node
honeywellhcw2gv_firmwareMatch-
AND
honeywellhcw2gvMatch-

CNA Affected

[
  {
    "product": "Honeywell equIP series cameras, Honeywell Performance series IP cameras, Honeywell recorders",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "H2W2GR1 1.000.0000.19.20190819, H3W2GR1 1.000.HW00.21.20190812, H3W2GR1V 1.000.0000.19.20190819, H3W2GR2 1.000.HW00.21.20190812, H3W4GR1 1.000.HW00.21.20190812, H3W4GR1V 1.000.0000.19.20190819, H4D8GR1 2.420.HW00.12.20190819, H4L2GR1 2.420.HW01.33.20190812, H4L2GR1V 1.000.0000.19.20190819, H4L6GR2 1.000.HW02.8.20190813, H4W2GR1 1.000.HW00.21.20190812, H4W2GR1V 1.000.0000.19.20190819, H4W2GR2 1.000.HW00.21.20190812, H4W4GR1 1.000.HW00.21.20190812, H4W4GR1V 1.000.0000.19.20190819, HBD8GR1 2.420.HW00.12.20190819, HBL2GR1 2.420.HW01.33.20190812, HBL2GR1V 1.000.0000.19.20190819, HBL6GR2 1.000.HW02.8.20190813, HBW2GR1 1.000.HW00.21.20190812, HBW2GR1V 1.000.0000.19.20190819, HBW2GR3 1.000.HW00.21.20190812, HBW2GR3V 1.000.0000.19.20190819, HBW4GR1 1.000.HW00.21.20190812, HBW4GR1V 1.000.0000.19.20190819, HCD8G 2.420.HW00.12.20190819, HCL2G 2.420.HW01.33.20190812, HCL2GV 1.000.0000.19.20190819, HCPB302 1.000.0040.3.20190820, HCW2G 1.000.HW00.21.20190812, HCW2GV 1.000.0000.19.20190819, HCW4G 1.000.HW00.2 ...[truncated*]"
      },
      {
        "status": "affected",
        "version": "H2W2PC1M 1.000.HW01.3.20190820, H2W2PER3 1.000.HW01.3.20190820, H2W2PRV3 1.000.HW01.1.190813, H2W4PER3 1.000.HW01.3.20190820, H2W4PRV3 1.000.HW01.1.190813, H4D3PRV2 1.000.HW01.1.190814, H4D3PRV3 1.000.HW01.1.190814, H4D8PR1 1.000.HW01.3.20190820, H4W2PER2 1.000.HW01.3.20190820, H4W2PER3 1.000.HW01.3.20190820, H4W2PRV2 1.000.HW01.1.190814, H4W4PER2 1.000.HW01.3.20190820, H4W4PER3 1.000.HW01.3.20190820, H4W4PRV2 1.000.HW01.1.190814, H4W4PRV3 1.000.HW01.1.190813, H4W8PR2 1.000.HW01.3.20190820, HBD2PER1 1.000.HW01.3.20190820, HBD3PR1 1.000.HW01.1.190814, HBD3PR2 1.000.HW01.1.190814, HBD8PR1 1.000.HW01.3.20190820, HBW2PER1 1.000.HW01.3.20190820, HBW2PER2 1.000.HW01.3.20190820, HBW2PR1 1.000.HW01.1.190813, HBW2PR2 1.000.HW01.1.190814, HBW4PER1 1.000.HW01.3.20190820, HBW4PER2 1.000.HW01.3.20190820, HBW4PR1 1.000.HW01.1.190813, HBW4PR2 1.000.HW01.1.190814, HBW8PR2 1.000.HW01.3.20190820, HDZP252DI 1.000.HW02.4.20190813, HDZP304DI 1.000.HW10.5.20190812, HED2PER3 1.000.HW01.3.20190820, HED3PR3 1.000.HW01 ...[truncated*]"
      },
      {
        "status": "affected",
        "version": "HEN04102 2.000.HW00.0.R.20190823, HEN04112 2.000.HW00.0.R.20190823, HEN04122 2.000.HW00.0.R.20190823, HEN08102 2.000.HW00.0.R.20190823, HEN08112 2.000.HW00.0.R.20190823, HEN08122 2.000.HW00.0.R.20190823, HEN08142 2.000.HW00.0.R.20190823, HEN08162 2.000.HW00.0.R.20190823, HEN16102 2.000.HW00.0.R.20190823, HEN16122 2.000.HW00.0.R.20190823, HEN16142 2.000.HW00.0.R.20190823, HEN16162 2.000.HW00.0.R.20190823, HEN04103 3.215.00HW001.2.20190821, HEN04113 3.215.00HW001.2.20190821, HEN04123 3.215.00HW001.2.20190821, HEN08103 3.215.00HW001.2.20190821, HEN08113 3.215.00HW001.2.20190821, HEN08123 3.215.00HW001.2.20190821, HEN08143 3.215.00HW001.2.20190821, HEN16103 3.215.00HW001.2.20190821, HEN16123 3.215.00HW001.2.20190821, HEN16143 3.215.00HW001.2.20190821, HEN16163 3.215.00HW001.2.20190821, HEN04103L 3.215.00HW001.2.20190821, HEN08103L 3.215.00HW001.2.20190821, HEN16103L 3.215.00HW001.2.20190821, HEN32103L 3.215.00HW001.2.20190821, HEN08104 3.215.00HW002.2.20190829, HEN08144 3.215.00HW002.2.20190829, H ...[truncated*]"
      }
    ]
  }
]

Related

prion 1
nvd 1
ics 1
cvelist 1
prion
prion
Authentication flaw
2019-10-31 22:15:00
nvd
nvd
CVE-2019-18226
2019-10-31 22:15:10
ics
ics
Honeywell equIP and Performance Series IP Cameras and Recorders
2019-10-31 12:00:00
cvelist
cvelist
CVE-2019-18226
2019-10-31 21:21:04

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.6%

JSON
Related for CVE-2019-18226
prion1nvd1ics1cvelist1