CVE-2021-39363
https://notcve.org/view.php?id=CVE-2021-39363
Honeywell HDZP252DI 1.00.HW02.4 and HBW2PER1 1.000.HW01.3 devices allow a video replay attack after ARP cache poisoning has been achieved. Los dispositivos Honeywell HDZP252DI versión 1.00.HW02.4 y HBW2PER1 versión 1.000.HW01.3, permiten un ataque de repetición de vídeo tras el envenenamiento de la caché ARP • https://buildings.honeywell.com/content/dam/hbtbt/en/documents/downloads/Security_Notification_SN_2022-01-26-01_CVE-2021-39363_Command_Injection_HDZP252DI.pdf https://buildings.honeywell.com/us/en/brands/our-brands/security/support-and-resources/product-resources/eol-and-security-notices https://www.honeywell.com/us/en/product-security • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2021-39364
https://notcve.org/view.php?id=CVE-2021-39364
Honeywell HDZP252DI 1.00.HW02.4 and HBW2PER1 1.000.HW01.3 devices allow command spoofing (for camera control) after ARP cache poisoning has been achieved. Los dispositivos Honeywell HDZP252DI versión 1.00.HW02.4 y HBW2PER1 versión 1.000.HW01.3, permiten una suplantación de comandos (para el control de la cámara) tras el envenenamiento de la caché ARP • https://buildings.honeywell.com/content/dam/hbtbt/en/documents/downloads/Security_Notification_SN_2022-01-26-02_CVE-2021-39364_Video_Replay_HBW2PER1.pdf https://buildings.honeywell.com/us/en/brands/our-brands/security/support-and-resources/product-resources/eol-and-security-notices https://www.honeywell.com/us/en/product-security • CWE-294: Authentication Bypass by Capture-replay •
CVE-2020-27295
https://notcve.org/view.php?id=CVE-2020-27295
The affected product has uncontrolled resource consumption issues, which may allow an attacker to cause a denial-of-service condition on the OPC UA Tunneller (versions prior to 6.3.0.8233). El producto afectado tiene problemas de consumo incontrolado de recursos, lo que puede permitir a un atacante provocar una condición de denegación de servicio en el tunelador OPC UA (versiones anteriores a la 6.3.0.8233) • https://us-cert.cisa.gov/ics/advisories/icsa-21-021-03 • CWE-400: Uncontrolled Resource Consumption •
CVE-2020-27297
https://notcve.org/view.php?id=CVE-2020-27297
The affected product is vulnerable to a heap-based buffer overflow, which may allow an attacker to manipulate memory with controlled values and remotely execute code on the OPC UA Tunneller (versions prior to 6.3.0.8233). El producto afectado es vulnerable a un desbordamiento del búfer en la región heap de la memoria, que puede permitir a un atacante manipular la memoria con valores controlados y ejecutar código remotamente en el OPC UA Tunneller (versiones anteriores a 6.3.0.8233) • https://us-cert.cisa.gov/ics/advisories/icsa-21-021-03 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2020-27299
https://notcve.org/view.php?id=CVE-2020-27299
The affected product is vulnerable to an out-of-bounds read, which may allow an attacker to obtain and disclose sensitive data information or cause the device to crash on the OPC UA Tunneller (versions prior to 6.3.0.8233). El producto afectado es vulnerable a una lectura fuera de límites, lo que puede permitir a un atacante obtener y divulgar información confidencial o causar el bloqueo del dispositivo en el OPC UA Tunneller (versiones anteriores a 6.3.0.8233) • https://us-cert.cisa.gov/ics/advisories/icsa-21-021-03 • CWE-125: Out-of-bounds Read •