
CVE-2019-18226
https://notcve.org/view.php?id=CVE-2019-18226
31 Oct 2019 — In Honeywell equIP series and Performance series IP cameras and recorders, a potential replay attack vulnerability exists because a weak authentication method is retained for compatibility with legacy products. • https://www.us-cert.gov/ics/advisories/icsa-19-304-04 • CWE-294: Authentication Bypass by Capture-replay

CVE-2019-18230
https://notcve.org/view.php?id=CVE-2019-18230
31 Oct 2019 — In multiple versions of Honeywell equIP and Performance series IP cameras, a vulnerability exists where the affected product allows unauthenticated access to audio streaming over HTTP. • https://www.us-cert.gov/ics/advisories/icsa-19-304-03 • CWE-306: Missing Authentication for Critical Function

CVE-2019-18228
https://notcve.org/view.php?id=CVE-2019-18228
31 Oct 2019 — In multiple Honeywell equIP series IP cameras, a vulnerability exists in the affected products where a specially crafted HTTP packet request could result in a denial of service. • https://www.us-cert.gov/ics/advisories/icsa-19-304-02 • CWE-20: Improper Input Validation

CVE-2019-13525
https://notcve.org/view.php?id=CVE-2019-13525
25 Oct 2019 — In IP-AK2 Access Control Panel Version 1.04.07 and prior, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data, which can be accessed without authentication over the network. • https://www.us-cert.gov/ics/advisories/icsa-19-297-02 • CWE-306: Missing Authentication for Critical Function

CVE-2019-13523
https://notcve.org/view.php?id=CVE-2019-13523
26 Sep 2019 — In Honeywell Performance IP Cameras and Performance NVRs, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data in JSON format for IP cameras and NVRs (Network Video Recorders), which can be accessed without authentication over the network. Affected Performance IP Cameras: HBD3PR2, H4D3PRV3, HED3PR3, H4D3PRV2, HBD3PR1, H4W8PR2, HBW8PR2, H2W2PC1M, H2W4PER3, H2W2PER3, HEW2PER3, HEW4PER3B, HBW2PER1, HEW4PER2, HEW4PER2B, HEW2PER2, H4W2PER2, HBW2PER2, H4W2PER3, and HPW2P1.... • https://www.us-cert.gov/ics/advisories/icsa-19-260-03 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-306: Missing Authentication for Critical Function

CVE-2014-5435
https://notcve.org/view.php?id=CVE-2014-5435
08 Apr 2019 — An arbitrary memory write vulnerability exists in the dual_onsrv.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, that could lead to possible remote code execution or denial of service. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version. • https://ics-cert.us-cert.gov/advisories/ICSA-14-352-01 • CWE-123: Write-what-where Condition • CWE-787: Out-of-bounds Write

CVE-2014-5436
https://notcve.org/view.php?id=CVE-2014-5436
08 Apr 2019 — A directory traversal vulnerability exists in the confd.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, which could lead to possible information disclosure. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version. • https://ics-cert.us-cert.gov/advisories/ICSA-14-352-01 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2014-9186
https://notcve.org/view.php?id=CVE-2014-9186
08 Apr 2019 — A file inclusion vulnerability exists in the confd.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, which could lead to accepting an arbitrary file into the function, and potential information disclosure or remote code execution. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version. • https://ics-cert.us-cert.gov/advisories/ICSA-14-352-01 • CWE-20: Improper Input Validation • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

CVE-2014-9187
https://notcve.org/view.php?id=CVE-2014-9187
25 Mar 2019 — Multiple heap-based buffer overflow vulnerabilities exist in modules of Honeywell Experion PKS, all versions prior to R400.6, all versions prior to R410.6, and all versions prior to R430.2, which could lead to possible remote code execution or denial of service. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version. • https://ics-cert.us-cert.gov/advisories/ICSA-14-352-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-122: Heap-based Buffer Overflow

CVE-2014-9189
https://notcve.org/view.php?id=CVE-2014-9189
25 Mar 2019 — Multiple stack-based buffer overflow vulnerabilities were found in modules of Honeywell Experion PKS, all versions prior to R400.6, all versions prior to R410.6, and all versions prior to R430.2, that could lead to possible remote code execution, dynamic memory corruption, or denial of service. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version. • https://ics-cert.us-cert.gov/advisories/ICSA-14-352-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-121: Stack-based Buffer Overflow