CVE-2019-18230

Published: Oct 31, 2019Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Honeywell equIP and Performance series IP cameras, multiple versions, A vulnerability exists where the affected product allows unauthenticated access to audio streaming over HTTP.

Affected (49)

Products: Honeywell: H4d8pr1 Firmware, Hfd5pr1 Firmware, Hpw2p1 Firmware, Hdzp304di Firmware, Hdzp252di Firmware, Hdz302din S1 Firmware, Hdz302lik Firmware, Hdz302liw Firmware, Hfd6gr1 Firmware, Hfd8gr1 Firmware, Hm4l8gr1 Firmware, Hmbl8gr1 Firmware, H2w2gr1 Firmware, H3w2gr1 Firmware, H3w2gr1v Firmware, H3w2gr2 Firmware, H3w4gr1 Firmware, H3w4gr1v Firmware, H4d8gr1 Firmware, H4l2gr1 Firmware, H4l2gr1v Firmware, H4l6gr2 Firmware, H4lggr2 Firmware, H4w2gr1 Firmware, H4w2gr1v Firmware, H4w2gr2 Firmware, H4w4gr1 Firmware, H4w4gr1v Firmware, Hbd8gr1 Firmware, Hbl2gr1 Firmware, Hbl2gr1v Firmware, Hbl6gr2 Firmware, Hbw2gr1 Firmware, Hbw2gr1v Firmware, Hbw2gr3 Firmware, Hbw2gr3v Firmware, Hbw4gr1 Firmware, Hbw4gr1v Firmware, Hcd8g Firmware, Hcl2g Firmware, Hcl2gv Firmware, Hcw2g Firmware, Hcw2gv Firmware, Hcw4g Firmware, Hdz302d Firmware, Hdz302de Firmware, Hdz302din Firmware, Hdz302din C1 Firmware

48 products

Hdz302din S1 Firmware

Hdz302din C1 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell H4d8pr1 Firmware	Before 1.000.hw01.3.20190820

Running on/with	Platform Versions
Honeywell H4d8pr1	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell Hfd5pr1 Firmware	Before 1.000.hw01.1.20190822

Running on/with	Platform Versions
Honeywell Hfd5pr1	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell Hpw2p1 Firmware	Before 1.000.hw01.3.20190820

Running on/with	Platform Versions
Honeywell Hpw2p1	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell Hdzp304di Firmware	Before 1.000.hw10.5.20190812

Running on/with	Platform Versions
Honeywell Hdzp304di	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell Hdzp252di Firmware	Before 1.000.hw02.3.20181109

Running on/with	Platform Versions
Honeywell Hdzp252di	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell Hdz302din S1 Firmware	Before 1.000.0041.20180530

Running on/with	Platform Versions
Honeywell Hdz302din S1	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell Hdz302lik Firmware	Before 1.000.61.1.20180607

Running on/with	Platform Versions
Honeywell Hdz302lik	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell Hdz302liw Firmware	Before 1.000.61.1.20180607

Running on/with	Platform Versions
Honeywell Hdz302liw	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell Hfd6gr1 Firmware	Before 1.000.hw00.9.20180510

Running on/with	Platform Versions
Honeywell Hfd6gr1	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell Hfd8gr1 Firmware	Before 1.000.hw00.9.20180510

Running on/with	Platform Versions
Honeywell Hfd8gr1	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell Hm4l8gr1 Firmware	Before 1.000.hw02.8.20190813

Running on/with	Platform Versions
Honeywell Hm4l8gr1	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell Hmbl8gr1 Firmware	Before 1.000.hw02.8.20190813

Running on/with	Platform Versions
Honeywell Hmbl8gr1	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell H2w2gr1 Firmware	Before 1.000.0000.18.20190409

Running on/with	Platform Versions
Honeywell H2w2gr1	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell H3w2gr1 Firmware	Before 1.000.hw00.21.20190812

Running on/with	Platform Versions
Honeywell H3w2gr1	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell H3w2gr1v Firmware	Before 1.000.0000.18.20190409

Running on/with	Platform Versions
Honeywell H3w2gr1v	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell H3w2gr2 Firmware	Before 1.000.hw00.21.20190812

Running on/with	Platform Versions
Honeywell H3w2gr2	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell H3w4gr1 Firmware	Before 1.000.hw00.21.20190812

Running on/with	Platform Versions
Honeywell H3w4gr1	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell H3w4gr1v Firmware	Before 1.000.0000.18.20190409

Running on/with	Platform Versions
Honeywell H3w4gr1v	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell H4d8gr1 Firmware	Before 2.420.hw00.9.20180510

Running on/with	Platform Versions
Honeywell H4d8gr1	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell H4l2gr1 Firmware	Before 1.000.0000.18.20190423

Running on/with	Platform Versions
Honeywell H4l2gr1	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell H4l2gr1v Firmware	Before 1.000.0000.18.20190423

Running on/with	Platform Versions
Honeywell H4l2gr1v	All versions

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell H4l6gr2 Firmware	Before 1.000.hw02.8.20190813

Running on/with	Platform Versions
Honeywell H4l6gr2	All versions

Configuration W

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell H4lggr2 Firmware	Before 1.000.hw04.3.20190813

Running on/with	Platform Versions
Honeywell H4lggr2	All versions

Configuration X

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell H4w2gr1 Firmware	Before 1.000.hw00.21.20190812

Running on/with	Platform Versions
Honeywell H4w2gr1	All versions

Configuration Y

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell H4w2gr1v Firmware	Before 1.000.0000.18.20190409

Running on/with	Platform Versions
Honeywell H4w2gr1v	All versions

Configuration Z

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell H4w2gr2 Firmware	Before 1.000.hw00.21.20190812

Running on/with	Platform Versions
Honeywell H4w2gr2	All versions

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell H4w4gr1 Firmware	Before 1.000.hw00.21.20190812

Running on/with	Platform Versions
Honeywell H4w4gr1	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell H4w4gr1v Firmware	Before 1.000.0000.18.20190409

Running on/with	Platform Versions
Honeywell H4w4gr1v	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell Hbd8gr1 Firmware	Before 2.420.hw00.9.20180510

Running on/with	Platform Versions
Honeywell Hbd8gr1	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell Hbl2gr1 Firmware	Before 2.420.hw01.33.20190812

Running on/with	Platform Versions
Honeywell Hbl2gr1	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell Hbl2gr1v Firmware	Before 1.000.0000.18.20190423

Running on/with	Platform Versions
Honeywell Hbl2gr1v	All versions

Configuration F

1 vulnerable

Vulnerable Software	Affected Versions
Honeywell Hbl6gr2 Firmware	Before 1.000.hw04.3.20190813

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell Hbl6gr2 Firmware	Before 1.000.hw02.8.20190813

Running on/with	Platform Versions
Honeywell Hbl6gr2	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell Hbw2gr1 Firmware	Before 1.000.hw00.21.20190812

Running on/with	Platform Versions
Honeywell Hbw2gr1	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell Hbw2gr1v Firmware	Before 1.000.0000.18.20190409

Running on/with	Platform Versions
Honeywell Hbw2gr1v	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell Hbw2gr3 Firmware	Before 1.000.hw00.21.20190812

Running on/with	Platform Versions
Honeywell Hbw2gr3	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell Hbw2gr3v Firmware	Before 1.000.0000.18.20190409

Running on/with	Platform Versions
Honeywell Hbw2gr3v	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell Hbw4gr1 Firmware	Before 1.000.hw00.21.20190812

Running on/with	Platform Versions
Honeywell Hbw4gr1	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell Hbw4gr1v Firmware	Before 1.000.0000.18.20190409

Running on/with	Platform Versions
Honeywell Hbw4gr1v	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell Hcd8g Firmware	Before 2.420.hw00.9.20180510

Running on/with	Platform Versions
Honeywell Hcd8g	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell Hcl2g Firmware	Before 1.000.0000.18.20190423

Running on/with	Platform Versions
Honeywell Hcl2g	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell Hcl2gv Firmware	Before 1.000.0000.18.20190423

Running on/with	Platform Versions
Honeywell Hcl2gv	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell Hcw2g Firmware	Before 1.000.hw00.21.20190812

Running on/with	Platform Versions
Honeywell Hcw2g	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell Hcw2gv Firmware	Before 1.000.0000.18.20190409

Running on/with	Platform Versions
Honeywell Hcw2gv	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell Hcw4g Firmware	Before 1.000.hw00.21.20190812

Running on/with	Platform Versions
Honeywell Hcw4g	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell Hdz302d Firmware	Before 1.000.0041.20180530

Running on/with	Platform Versions
Honeywell Hdz302d	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell Hdz302de Firmware	Before 1.000.0041.20180530

Running on/with	Platform Versions
Honeywell Hdz302de	All versions

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell Hdz302din Firmware	Before 1.000.0041.20180530

Running on/with	Platform Versions
Honeywell Hdz302din	All versions

Configuration W

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell Hdz302din C1 Firmware	Before 1.000.0041.20180530

Running on/with	Platform Versions
Honeywell Hdz302din C1	All versions

Related CWEs

CWE-306

Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (2)

https://www.us-cert.gov/ics/advisories/icsa-19-304-03

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryUS Government Resource

https://www.us-cert.gov/ics/advisories/icsa-19-304-03

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.