CVE-2019-13523
Severity Score
5.3
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
In Honeywell Performance IP Cameras and Performance NVRs, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data in JSON format for IP cameras and NVRs (Network Video Recorders), which can be accessed without authentication over the network. Affected performance IP Cameras: HBD3PR2,H4D3PRV3,HED3PR3,H4D3PRV2,HBD3PR1,H4W8PR2,HBW8PR2,H2W2PC1M,H2W4PER3,H2W2PER3,HEW2PER3,HEW4PER3B,HBW2PER1,HEW4PER2,HEW4PER2B,HEW2PER2,H4W2PER2,HBW2PER2,H4W2PER3, and HPW2P1. Affected Performance Series NVRs: HEN08104,HEN08144,HEN081124,HEN16104,HEN16144,HEN16184,HEN16204,HEN162244,HEN16284,HEN16304,HEN16384,HEN32104,HEN321124,HEN32204,HEN32284,HEN322164,HEN32304, HEN32384,HEN323164,HEN64204,HEN64304,HEN643164,HEN643324,HEN643484,HEN04103,HEN04113,HEN04123,HEN08103,HEN08113,HEN08123,HEN08143,HEN16103,HEN16123,HEN16143,HEN16163,HEN04103L,HEN08103L,HEN16103L,HEN32103L.
En las cámaras IP y NVRs Honeywell Performance, el servidor web integrado de los dispositivos afectados podría permitir a atacantes remotos obtener datos de configuración web en formato JSON para cámaras IP y NVR (Network Video Recorders), que pueden ser accedidos sin autenticación a través de la red. Cámaras IP Performance afectadas: HBD3PR2, H4D3PRV3, HED3PR3, H4D3PRV2, HBD3PR1, H4W8PR2, HBW8PR2, H2W2PC1M, H2W4PER3, H2W2PER3, HEW2PER3, HEW4PER3B, HBW2PER1, HEW4PER2, HEW4PER2B, HEW2PER2, H4W2PER2, HBW2PER2, H4W2PER3, y HPW2P1. NVRs Serie Performance afectados: HEN08104, HEN08144, HEN081124, HEN16104, HEN16144, HEN16184, HEN16204, HEN162244, HEN16284, HEN16304, HEN16384, HEN32104, HEN321124, HEN32204, HEN32284, HEN322164, HEN32304, HEN32384, HEN323164, HEN64204, HEN64304, HEN643164, HEN643324, HEN643484, HEN04103, HEN04113, HEN04123, HEN08103, HEN08113, HEN08123, HEN08143, HEN16103, HEN16123, HEN16143, HEN16163, HEN04103L, HEN08103L, HEN16103L, HEN32103L.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2019-07-11 CVE Reserved
- 2019-09-26 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
- CWE-306: Missing Authentication for Critical Function
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://www.us-cert.gov/ics/advisories/icsa-19-260-03 | Mitigation |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Honeywell Search vendor "Honeywell" | Hbd3pr2 Firmware Search vendor "Honeywell" for product "Hbd3pr2 Firmware" | - | - |
Affected
| in | Honeywell Search vendor "Honeywell" | Hbd3pr2 Search vendor "Honeywell" for product "Hbd3pr2" | - | - |
Safe
|
| Honeywell Search vendor "Honeywell" | H4d3prv3 Firmware Search vendor "Honeywell" for product "H4d3prv3 Firmware" | - | - |
Affected
| in | Honeywell Search vendor "Honeywell" | H4d3prv3 Search vendor "Honeywell" for product "H4d3prv3" | - | - |
Safe
|
| Honeywell Search vendor "Honeywell" | Hed3pr3 Firmware Search vendor "Honeywell" for product "Hed3pr3 Firmware" | - | - |
Affected
| in | Honeywell Search vendor "Honeywell" | Hed3pr3 Search vendor "Honeywell" for product "Hed3pr3" | - | - |
Safe
|
| Honeywell Search vendor "Honeywell" | H4d3prv2 Firmware Search vendor "Honeywell" for product "H4d3prv2 Firmware" | - | - |
Affected
| in | Honeywell Search vendor "Honeywell" | H4d3prv2 Search vendor "Honeywell" for product "H4d3prv2" | - | - |
Safe
|
| Honeywell Search vendor "Honeywell" | Hbd3pr1 Firmware Search vendor "Honeywell" for product "Hbd3pr1 Firmware" | - | - |
Affected
| in | Honeywell Search vendor "Honeywell" | Hbd3pr1 Search vendor "Honeywell" for product "Hbd3pr1" | - | - |
Safe
|
| Honeywell Search vendor "Honeywell" | H4w8pr2 Firmware Search vendor "Honeywell" for product "H4w8pr2 Firmware" | - | - |
Affected
| in | Honeywell Search vendor "Honeywell" | H4w8pr2 Search vendor "Honeywell" for product "H4w8pr2" | - | - |
Safe
|
| Honeywell Search vendor "Honeywell" | Hbw8pr2 Firmware Search vendor "Honeywell" for product "Hbw8pr2 Firmware" | - | - |
Affected
| in | Honeywell Search vendor "Honeywell" | Hbw8pr2 Search vendor "Honeywell" for product "Hbw8pr2" | - | - |
Safe
|
| Honeywell Search vendor "Honeywell" | H2w2pc1m Firmware Search vendor "Honeywell" for product "H2w2pc1m Firmware" | - | - |
Affected
| in | Honeywell Search vendor "Honeywell" | H2w2pc1m Search vendor "Honeywell" for product "H2w2pc1m" | - | - |
Safe
|
| Honeywell Search vendor "Honeywell" | H2w4per3 Firmware Search vendor "Honeywell" for product "H2w4per3 Firmware" | - | - |
Affected
| in | Honeywell Search vendor "Honeywell" | H2w4per3 Search vendor "Honeywell" for product "H2w4per3" | - | - |
Safe
|
| Honeywell Search vendor "Honeywell" | H2w2per3 Firmware Search vendor "Honeywell" for product "H2w2per3 Firmware" | - | - |
Affected
| in | Honeywell Search vendor "Honeywell" | H2w2per3 Search vendor "Honeywell" for product "H2w2per3" | - | - |
Safe
|
| Honeywell Search vendor "Honeywell" | Hew2per3 Firmware Search vendor "Honeywell" for product "Hew2per3 Firmware" | - | - |
Affected
| in | Honeywell Search vendor "Honeywell" | Hew2per3 Search vendor "Honeywell" for product "Hew2per3" | - | - |
Safe
|
| Honeywell Search vendor "Honeywell" | Hew4per3b Firmware Search vendor "Honeywell" for product "Hew4per3b Firmware" | - | - |
Affected
| in | Honeywell Search vendor "Honeywell" | Hew4per3b Search vendor "Honeywell" for product "Hew4per3b" | - | - |
Safe
|
| Honeywell Search vendor "Honeywell" | Hbw2per1 Firmware Search vendor "Honeywell" for product "Hbw2per1 Firmware" | - | - |
Affected
| in | Honeywell Search vendor "Honeywell" | Hbw2per1 Search vendor "Honeywell" for product "Hbw2per1" | - | - |
Safe
|
| Honeywell Search vendor "Honeywell" | Hew4per2 Firmware Search vendor "Honeywell" for product "Hew4per2 Firmware" | - | - |
Affected
| in | Honeywell Search vendor "Honeywell" | Hew4per2 Search vendor "Honeywell" for product "Hew4per2" | - | - |
Safe
|
| Honeywell Search vendor "Honeywell" | Hew4per2b Firmware Search vendor "Honeywell" for product "Hew4per2b Firmware" | - | - |
Affected
| in | Honeywell Search vendor "Honeywell" | Hew4per2b Search vendor "Honeywell" for product "Hew4per2b" | - | - |
Safe
|
| Honeywell Search vendor "Honeywell" | Hew2per2 Firmware Search vendor "Honeywell" for product "Hew2per2 Firmware" | - | - |
Affected
| in | Honeywell Search vendor "Honeywell" | Hew2per2 Search vendor "Honeywell" for product "Hew2per2" | - | - |
Safe
|
| Honeywell Search vendor "Honeywell" | H4w2per2 Firmware Search vendor "Honeywell" for product "H4w2per2 Firmware" | - | - |
Affected
| in | Honeywell Search vendor "Honeywell" | H4w2per2 Search vendor "Honeywell" for product "H4w2per2" | - | - |
Safe
|
| Honeywell Search vendor "Honeywell" | Hbw2per2 Firmware Search vendor "Honeywell" for product "Hbw2per2 Firmware" | - | - |
Affected
| in | Honeywell Search vendor "Honeywell" | Hbw2per2 Search vendor "Honeywell" for product "Hbw2per2" | - | - |
Safe
|
| Honeywell Search vendor "Honeywell" | H4w2per3 Firmware Search vendor "Honeywell" for product "H4w2per3 Firmware" | - | - |
Affected
| in | Honeywell Search vendor "Honeywell" | H4w2per3 Search vendor "Honeywell" for product "H4w2per3" | - | - |
Safe
|
| Honeywell Search vendor "Honeywell" | Hpw2p1 Firmware Search vendor "Honeywell" for product "Hpw2p1 Firmware" | - | - |
Affected
| in | Honeywell Search vendor "Honeywell" | Hpw2p1 Search vendor "Honeywell" for product "Hpw2p1" | - | - |
Safe
|
| Honeywell Search vendor "Honeywell" | Hen08104 Firmware Search vendor "Honeywell" for product "Hen08104 Firmware" | - | - |
Affected
| in | Honeywell Search vendor "Honeywell" | Hen08104 Search vendor "Honeywell" for product "Hen08104" | - | - |
Safe
|
| Honeywell Search vendor "Honeywell" | Hen08144 Firmware Search vendor "Honeywell" for product "Hen08144 Firmware" | - | - |
Affected
| in | Honeywell Search vendor "Honeywell" | Hen08144 Search vendor "Honeywell" for product "Hen08144" | - | - |
Safe
|
| Honeywell Search vendor "Honeywell" | Hen081124 Firmware Search vendor "Honeywell" for product "Hen081124 Firmware" | - | - |
Affected
| in | Honeywell Search vendor "Honeywell" | Hen081124 Search vendor "Honeywell" for product "Hen081124" | - | - |
Safe
|
| Honeywell Search vendor "Honeywell" | Hen16104 Firmware Search vendor "Honeywell" for product "Hen16104 Firmware" | - | - |
Affected
| in | Honeywell Search vendor "Honeywell" | Hen16104 Search vendor "Honeywell" for product "Hen16104" | - | - |
Safe
|
| Honeywell Search vendor "Honeywell" | Hen16144 Firmware Search vendor "Honeywell" for product "Hen16144 Firmware" | - | - |
Affected
| in | Honeywell Search vendor "Honeywell" | Hen16144 Search vendor "Honeywell" for product "Hen16144" | - | - |
Safe
|
| Honeywell Search vendor "Honeywell" | Hen16184 Firmware Search vendor "Honeywell" for product "Hen16184 Firmware" | - | - |
Affected
| in | Honeywell Search vendor "Honeywell" | Hen16184 Search vendor "Honeywell" for product "Hen16184" | - | - |
Safe
|
| Honeywell Search vendor "Honeywell" | Hen16204 Firmware Search vendor "Honeywell" for product "Hen16204 Firmware" | - | - |
Affected
| in | Honeywell Search vendor "Honeywell" | Hen16204 Search vendor "Honeywell" for product "Hen16204" | - | - |
Safe
|
| Honeywell Search vendor "Honeywell" | Hen162244 Firmware Search vendor "Honeywell" for product "Hen162244 Firmware" | - | - |
Affected
| in | Honeywell Search vendor "Honeywell" | Hen162244 Search vendor "Honeywell" for product "Hen162244" | - | - |
Safe
|
| Honeywell Search vendor "Honeywell" | Hen16284 Firmware Search vendor "Honeywell" for product "Hen16284 Firmware" | - | - |
Affected
| in | Honeywell Search vendor "Honeywell" | Hen16284 Search vendor "Honeywell" for product "Hen16284" | - | - |
Safe
|
| Honeywell Search vendor "Honeywell" | Hen16304 Firmware Search vendor "Honeywell" for product "Hen16304 Firmware" | - | - |
Affected
| in | Honeywell Search vendor "Honeywell" | Hen16304 Search vendor "Honeywell" for product "Hen16304" | - | - |
Safe
|
| Honeywell Search vendor "Honeywell" | Hen16384 Firmware Search vendor "Honeywell" for product "Hen16384 Firmware" | - | - |
Affected
| in | Honeywell Search vendor "Honeywell" | Hen16384 Search vendor "Honeywell" for product "Hen16384" | - | - |
Safe
|
| Honeywell Search vendor "Honeywell" | Hen32104 Firmware Search vendor "Honeywell" for product "Hen32104 Firmware" | - | - |
Affected
| in | Honeywell Search vendor "Honeywell" | Hen32104 Search vendor "Honeywell" for product "Hen32104" | - | - |
Safe
|
| Honeywell Search vendor "Honeywell" | Hen321124 Firmware Search vendor "Honeywell" for product "Hen321124 Firmware" | - | - |
Affected
| in | Honeywell Search vendor "Honeywell" | Hen321124 Search vendor "Honeywell" for product "Hen321124" | - | - |
Safe
|
| Honeywell Search vendor "Honeywell" | Hen32204 Firmware Search vendor "Honeywell" for product "Hen32204 Firmware" | - | - |
Affected
| in | Honeywell Search vendor "Honeywell" | Hen32204 Search vendor "Honeywell" for product "Hen32204" | - | - |
Safe
|
| Honeywell Search vendor "Honeywell" | Hen32284 Firmware Search vendor "Honeywell" for product "Hen32284 Firmware" | - | - |
Affected
| in | Honeywell Search vendor "Honeywell" | Hen32284 Search vendor "Honeywell" for product "Hen32284" | - | - |
Safe
|
| Honeywell Search vendor "Honeywell" | Hen322164 Firmware Search vendor "Honeywell" for product "Hen322164 Firmware" | - | - |
Affected
| in | Honeywell Search vendor "Honeywell" | Hen322164 Search vendor "Honeywell" for product "Hen322164" | - | - |
Safe
|
| Honeywell Search vendor "Honeywell" | Hen32304 Firmware Search vendor "Honeywell" for product "Hen32304 Firmware" | - | - |
Affected
| in | Honeywell Search vendor "Honeywell" | Hen32304 Search vendor "Honeywell" for product "Hen32304" | - | - |
Safe
|
| Honeywell Search vendor "Honeywell" | Hen32384 Firmware Search vendor "Honeywell" for product "Hen32384 Firmware" | - | - |
Affected
| in | Honeywell Search vendor "Honeywell" | Hen32384 Search vendor "Honeywell" for product "Hen32384" | - | - |
Safe
|
| Honeywell Search vendor "Honeywell" | Hen323164 Firmware Search vendor "Honeywell" for product "Hen323164 Firmware" | - | - |
Affected
| in | Honeywell Search vendor "Honeywell" | Hen323164 Search vendor "Honeywell" for product "Hen323164" | - | - |
Safe
|
| Honeywell Search vendor "Honeywell" | Hen64204 Firmware Search vendor "Honeywell" for product "Hen64204 Firmware" | - | - |
Affected
| in | Honeywell Search vendor "Honeywell" | Hen64204 Search vendor "Honeywell" for product "Hen64204" | - | - |
Safe
|
| Honeywell Search vendor "Honeywell" | Hen64304 Firmware Search vendor "Honeywell" for product "Hen64304 Firmware" | - | - |
Affected
| in | Honeywell Search vendor "Honeywell" | Hen64304 Search vendor "Honeywell" for product "Hen64304" | - | - |
Safe
|
| Honeywell Search vendor "Honeywell" | Hen643164 Firmware Search vendor "Honeywell" for product "Hen643164 Firmware" | - | - |
Affected
| in | Honeywell Search vendor "Honeywell" | Hen643164 Search vendor "Honeywell" for product "Hen643164" | - | - |
Safe
|
| Honeywell Search vendor "Honeywell" | Hen643324 Firmware Search vendor "Honeywell" for product "Hen643324 Firmware" | - | - |
Affected
| in | Honeywell Search vendor "Honeywell" | Hen643324 Search vendor "Honeywell" for product "Hen643324" | - | - |
Safe
|
| Honeywell Search vendor "Honeywell" | Hen643484 Firmware Search vendor "Honeywell" for product "Hen643484 Firmware" | - | - |
Affected
| in | Honeywell Search vendor "Honeywell" | Hen643484 Search vendor "Honeywell" for product "Hen643484" | - | - |
Safe
|
| Honeywell Search vendor "Honeywell" | Hen04103 Firmware Search vendor "Honeywell" for product "Hen04103 Firmware" | - | - |
Affected
| in | Honeywell Search vendor "Honeywell" | Hen04103 Search vendor "Honeywell" for product "Hen04103" | - | - |
Safe
|
| Honeywell Search vendor "Honeywell" | Hen04113 Firmware Search vendor "Honeywell" for product "Hen04113 Firmware" | - | - |
Affected
| in | Honeywell Search vendor "Honeywell" | Hen04113 Search vendor "Honeywell" for product "Hen04113" | - | - |
Safe
|
| Honeywell Search vendor "Honeywell" | Hen04123 Firmware Search vendor "Honeywell" for product "Hen04123 Firmware" | - | - |
Affected
| in | Honeywell Search vendor "Honeywell" | Hen04123 Search vendor "Honeywell" for product "Hen04123" | - | - |
Safe
|
| Honeywell Search vendor "Honeywell" | Hen08103 Firmware Search vendor "Honeywell" for product "Hen08103 Firmware" | - | - |
Affected
| in | Honeywell Search vendor "Honeywell" | Hen08103 Search vendor "Honeywell" for product "Hen08103" | - | - |
Safe
|
| Honeywell Search vendor "Honeywell" | Hen08113 Firmware Search vendor "Honeywell" for product "Hen08113 Firmware" | - | - |
Affected
| in | Honeywell Search vendor "Honeywell" | Hen08113 Search vendor "Honeywell" for product "Hen08113" | - | - |
Safe
|
| Honeywell Search vendor "Honeywell" | Hen08123 Firmware Search vendor "Honeywell" for product "Hen08123 Firmware" | - | - |
Affected
| in | Honeywell Search vendor "Honeywell" | Hen08123 Search vendor "Honeywell" for product "Hen08123" | - | - |
Safe
|
| Honeywell Search vendor "Honeywell" | Hen08143 Firmware Search vendor "Honeywell" for product "Hen08143 Firmware" | - | - |
Affected
| in | Honeywell Search vendor "Honeywell" | Hen08143 Search vendor "Honeywell" for product "Hen08143" | - | - |
Safe
|
| Honeywell Search vendor "Honeywell" | Hen16103 Firmware Search vendor "Honeywell" for product "Hen16103 Firmware" | - | - |
Affected
| in | Honeywell Search vendor "Honeywell" | Hen16103 Search vendor "Honeywell" for product "Hen16103" | - | - |
Safe
|
| Honeywell Search vendor "Honeywell" | Hen16123 Firmware Search vendor "Honeywell" for product "Hen16123 Firmware" | - | - |
Affected
| in | Honeywell Search vendor "Honeywell" | Hen16123 Search vendor "Honeywell" for product "Hen16123" | - | - |
Safe
|
| Honeywell Search vendor "Honeywell" | Hen16143 Firmware Search vendor "Honeywell" for product "Hen16143 Firmware" | - | - |
Affected
| in | Honeywell Search vendor "Honeywell" | Hen16143 Search vendor "Honeywell" for product "Hen16143" | - | - |
Safe
|
| Honeywell Search vendor "Honeywell" | Hen16163 Firmware Search vendor "Honeywell" for product "Hen16163 Firmware" | - | - |
Affected
| in | Honeywell Search vendor "Honeywell" | Hen16163 Search vendor "Honeywell" for product "Hen16163" | - | - |
Safe
|
| Honeywell Search vendor "Honeywell" | Hen04103l Firmware Search vendor "Honeywell" for product "Hen04103l Firmware" | - | - |
Affected
| in | Honeywell Search vendor "Honeywell" | Hen04103l Search vendor "Honeywell" for product "Hen04103l" | - | - |
Safe
|
| Honeywell Search vendor "Honeywell" | Hen08103l Firmware Search vendor "Honeywell" for product "Hen08103l Firmware" | - | - |
Affected
| in | Honeywell Search vendor "Honeywell" | Hen08103l Search vendor "Honeywell" for product "Hen08103l" | - | - |
Safe
|
| Honeywell Search vendor "Honeywell" | Hen16103l Firmware Search vendor "Honeywell" for product "Hen16103l Firmware" | - | - |
Affected
| in | Honeywell Search vendor "Honeywell" | Hen16103l Search vendor "Honeywell" for product "Hen16103l" | - | - |
Safe
|
| Honeywell Search vendor "Honeywell" | Hen32103l Firmware Search vendor "Honeywell" for product "Hen32103l Firmware" | - | - |
Affected
| in | Honeywell Search vendor "Honeywell" | Hen32103l Search vendor "Honeywell" for product "Hen32103l" | - | - |
Safe
|