CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-6974
https://notcve.org/view.php?id=CVE-2020-6974
07 Apr 2020 — Honeywell Notifier Web Server (NWS) Version 3.50 is vulnerable to a path traversal attack, which allows an attacker to bypass access to restricted directories. Honeywell has released a firmware update to address the problem. Honeywell Notifier Web Server (NWS) Versión 3.50, es vulnerable a un ataque de salto de ruta, lo que permite a un atacante omitir el acceso a directorios restringidos. Honeywell ha publicado una actualización de firmware para abordar el problema. • https://www.us-cert.gov/ics/advisories/icsa-20-051-03 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-6972
https://notcve.org/view.php?id=CVE-2020-6972
24 Mar 2020 — In Notifier Web Server (NWS) Version 3.50 and earlier, the Honeywell Fire Web Server’s authentication may be bypassed by a capture-replay attack from a web browser. En Notifier Web Server (NWS) versiones 3.50 y anteriores, la autenticación del Honeywell Fire Web Server puede ser omitida por un ataque de reproducción de captura desde un navegador web. • https://www.us-cert.gov/ics/advisories/icsa-20-051-03 • CWE-294: Authentication Bypass by Capture-replay •