CVE-2019-18226

Published: Oct 31, 2019Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Honeywell equIP series and Performance series IP cameras and recorders, A vulnerability exists in the affected products where IP cameras and recorders have a potential replay attack vulnerability as a weak authentication method is retained for compatibility with legacy products.

Affected (64)

Products: Honeywell: H2w2pc1m Firmware, H2w2per3 Firmware, H2w4per3 Firmware, H4w2per2 Firmware, H4w2per3 Firmware, H4w4per2 Firmware, H4w4per3 Firmware, H4w8pr2 Firmware, Hbd2per1 Firmware, Hbw2per1 Firmware, Hbw2per2 Firmware, Hbw4per1 Firmware, Hbw4per2 Firmware, Hbw4pgr1 Firmware, Hbw8pr2 Firmware, Hed2per3 Firmware, Hew2per2 Firmware, Hew2per3 Firmware, Hew4per3 Firmware, Hew4per3b Firmware, Hew4per2b Firmware, Hdzp252di Firmware, Hdzp304di Firmware, Hpw2p1 Firmware, H2w2gr1 Firmware, H3w2gr1v Firmware, H3w4gr1v Firmware, H3w2gr1 Firmware, H3w2gr2 Firmware, H3w4gr1 Firmware, H4l2gr1v Firmware, H4w2gr1 Firmware, H4w2gr1v Firmware, H4w4gr1v Firmware, H4l2gr1 Firmware, H4w2gr2 Firmware, H4w4gr1 Firmware, H4l6gr2 Firmware, Hm4l8gr1 Firmware, H4d8gr1 Firmware, Hbl2gr1v Firmware, Hbw2gr1v Firmware, Hbw2gr3v Firmware, Hbw4gr1v Firmware, Hbl6gr2 Firmware, Hmbl8gr1 Firmware, Hbd8gr1 Firmware, Hfd6gr1 Firmware, Hfd8gr1 Firmware, Hdz302liw Firmware, Hdz302lik Firmware, Hdz302de Firmware, Hdz302d Firmware, Hdz302din C1 Firmware, Hdz302din S1 Firmware, Hepz302w0 Firmware, Hcl2gv Firmware, Hcl2g Firmware, Hcw2g Firmware, Hcw4g Firmware, Hcd8g Firmware, Hsw2g1 Firmware, Hswb2g1 Firmware, Hcw2gv Firmware

64 products

Hdz302din C1 Firmware

Hdz302din S1 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell H2w2pc1m Firmware	All versions

Running on/with	Platform Versions
Honeywell H2w2pc1m	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell H2w2per3 Firmware	All versions

Running on/with	Platform Versions
Honeywell H2w2per3	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell H2w4per3 Firmware	All versions

Running on/with	Platform Versions
Honeywell H2w4per3	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell H4w2per2 Firmware	All versions

Running on/with	Platform Versions
Honeywell H4w2per2	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell H4w2per3 Firmware	All versions

Running on/with	Platform Versions
Honeywell H4w2per3	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell H4w4per2 Firmware	All versions

Running on/with	Platform Versions
Honeywell H4w4per2	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell H4w4per3 Firmware	All versions

Running on/with	Platform Versions
Honeywell H4w4per3	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell H4w8pr2 Firmware	All versions

Running on/with	Platform Versions
Honeywell H4w8pr2	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell Hbd2per1 Firmware	All versions

Running on/with	Platform Versions
Honeywell Hbd2per1	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell Hbw2per1 Firmware	All versions

Running on/with	Platform Versions
Honeywell Hbw2per1	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell Hbw2per2 Firmware	All versions

Running on/with	Platform Versions
Honeywell Hbw2per2	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell Hbw4per1 Firmware	All versions

Running on/with	Platform Versions
Honeywell Hbw4per1	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell Hbw4per2 Firmware	All versions

Running on/with	Platform Versions
Honeywell Hbw4per2	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell Hbw4pgr1 Firmware	All versions

Running on/with	Platform Versions
Honeywell Hbw4pgr1	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell Hbw8pr2 Firmware	All versions

Running on/with	Platform Versions
Honeywell Hbw8pr2	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell Hed2per3 Firmware	All versions

Running on/with	Platform Versions
Honeywell Hed2per3	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell Hew2per2 Firmware	All versions

Running on/with	Platform Versions
Honeywell Hew2per2	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell Hew2per3 Firmware	All versions

Running on/with	Platform Versions
Honeywell Hew2per3	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell Hew4per3 Firmware	All versions

Running on/with	Platform Versions
Honeywell Hew4per3	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell Hew4per3b Firmware	All versions

Running on/with	Platform Versions
Honeywell Hew4per3b	All versions

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell Hew4per2b Firmware	All versions

Running on/with	Platform Versions
Honeywell Hew4per2b	All versions

Configuration W

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell Hdzp252di Firmware	All versions

Running on/with	Platform Versions
Honeywell Hdzp252di	All versions

Configuration X

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell Hdzp304di Firmware	All versions

Running on/with	Platform Versions
Honeywell Hdzp304di	All versions

Configuration Y

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell Hpw2p1 Firmware	All versions

Running on/with	Platform Versions
Honeywell Hpw2p1	All versions

Configuration Z

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell H2w2gr1 Firmware	All versions

Running on/with	Platform Versions
Honeywell H2w2gr1	All versions

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell H3w2gr1v Firmware	All versions

Running on/with	Platform Versions
Honeywell H3w2gr1v	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell H3w4gr1v Firmware	All versions

Running on/with	Platform Versions
Honeywell H3w4gr1v	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell H3w2gr1 Firmware	All versions

Running on/with	Platform Versions
Honeywell H3w2gr1	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell H3w2gr2 Firmware	All versions

Running on/with	Platform Versions
Honeywell H3w2gr2	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell H3w4gr1 Firmware	All versions

Running on/with	Platform Versions
Honeywell H3w4gr1	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell H4l2gr1v Firmware	All versions

Running on/with	Platform Versions
Honeywell H4l2gr1v	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell H4w2gr1 Firmware	All versions

Running on/with	Platform Versions
Honeywell H4w2gr1	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell H4w2gr1v Firmware	All versions

Running on/with	Platform Versions
Honeywell H4w2gr1v	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell H4w4gr1v Firmware	All versions

Running on/with	Platform Versions
Honeywell H4w4gr1v	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell H4l2gr1 Firmware	All versions

Running on/with	Platform Versions
Honeywell H4l2gr1	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell H4w2gr2 Firmware	All versions

Running on/with	Platform Versions
Honeywell H4w2gr2	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell H4w4gr1 Firmware	All versions

Running on/with	Platform Versions
Honeywell H4w4gr1	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell H4l6gr2 Firmware	All versions

Running on/with	Platform Versions
Honeywell H4l6gr2	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell Hm4l8gr1 Firmware	All versions

Running on/with	Platform Versions
Honeywell Hm4l8gr1	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell H4d8gr1 Firmware	All versions

Running on/with	Platform Versions
Honeywell H4d8gr1	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell Hbl2gr1v Firmware	All versions

Running on/with	Platform Versions
Honeywell Hbl2gr1v	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell Hbw2gr1v Firmware	All versions

Running on/with	Platform Versions
Honeywell Hbw2gr1v	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell Hbw2gr3v Firmware	All versions

Running on/with	Platform Versions
Honeywell Hbw2gr3v	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell Hbw4gr1v Firmware	All versions

Running on/with	Platform Versions
Honeywell Hbw4gr1v	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell Hbl6gr2 Firmware	All versions

Running on/with	Platform Versions
Honeywell Hbl6gr2	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell Hmbl8gr1 Firmware	All versions

Running on/with	Platform Versions
Honeywell Hmbl8gr1	All versions

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell Hbd8gr1 Firmware	All versions

Running on/with	Platform Versions
Honeywell Hbd8gr1	All versions

Configuration W

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell Hfd6gr1 Firmware	All versions

Running on/with	Platform Versions
Honeywell Hfd6gr1	All versions

Configuration X

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell Hfd8gr1 Firmware	All versions

Running on/with	Platform Versions
Honeywell Hfd8gr1	All versions

Configuration Y

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell Hdz302liw Firmware	All versions

Running on/with	Platform Versions
Honeywell Hdz302liw	All versions

Configuration Z

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell Hdz302lik Firmware	All versions

Running on/with	Platform Versions
Honeywell Hdz302lik	All versions

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell Hdz302de Firmware	All versions

Running on/with	Platform Versions
Honeywell Hdz302de	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell Hdz302d Firmware	All versions

Running on/with	Platform Versions
Honeywell Hdz302d	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell Hdz302din C1 Firmware	All versions

Running on/with	Platform Versions
Honeywell Hdz302din C1	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell Hdz302din S1 Firmware	All versions

Running on/with	Platform Versions
Honeywell Hdz302din S1	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell Hepz302w0 Firmware	All versions

Running on/with	Platform Versions
Honeywell Hepz302w0	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell Hcl2gv Firmware	All versions

Running on/with	Platform Versions
Honeywell Hcl2gv	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell Hcl2g Firmware	All versions

Running on/with	Platform Versions
Honeywell Hcl2g	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell Hcw2g Firmware	All versions

Running on/with	Platform Versions
Honeywell Hcw2g	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell Hcw4g Firmware	All versions

Running on/with	Platform Versions
Honeywell Hcw4g	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell Hcd8g Firmware	All versions

Running on/with	Platform Versions
Honeywell Hcd8g	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell Hsw2g1 Firmware	All versions

Running on/with	Platform Versions
Honeywell Hsw2g1	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell Hswb2g1 Firmware	All versions

Running on/with	Platform Versions
Honeywell Hswb2g1	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell Hcw2gv Firmware	All versions

Running on/with	Platform Versions
Honeywell Hcw2gv	All versions

Related CWEs

CWE-294

Authentication Bypass by Capture-replay

A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).

References (2)

https://www.us-cert.gov/ics/advisories/icsa-19-304-04

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryUS Government Resource

https://www.us-cert.gov/ics/advisories/icsa-19-304-04

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.