CVE-2019-13525

Published: Oct 25, 2019Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

In IP-AK2 Access Control Panel Version 1.04.07 and prior, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data, which can be accessed without authentication over the network.

Affected (1)

Products: Honeywell: Ip Ak2 Firmware

Honeywell

1 product

Ip Ak2 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell Ip Ak2 Firmware	Before 1.04.07

Running on/with	Platform Versions
Honeywell Ip Ak2	All versions

Related CWEs

CWE-306

Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (2)

https://www.us-cert.gov/ics/advisories/icsa-19-297-02

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryUS Government Resource

https://www.us-cert.gov/ics/advisories/icsa-19-297-02

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.