
    2 vulnerabilities found for Hills ComNav by Interlogix

    CVE-2022-26519 (GCVE-0-2022-26519)

    Vulnerability from cvelistv5 – Published: 2022-04-20 15:30 – Updated: 2025-04-16 16:28
    Title
    Interlogix Hills ComNav Improper Restriction of Excessive Authentication Attempts
    Summary
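    There is no limit to the number of attempts to authenticate for the local configuration pages for the Hills ComNav Version 3002-19 interface, which allows local attackers to brute-force credentials. The record's affected-version field lists versions before 3002-19, and its solution field states that Carrier recommends upgrading to Version 4000-12 or later (Carrier product security advisory CARR-PSA-002-1121).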
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-307 - Improper Restriction of Excessive Authentication Attempts
    Assigner
    References
    Impacted products
    Vendor Product Version
    Interlogix Hills ComNav Affected: unspecified , < 3002-19 (custom)
    Credits
    Jacob Thompson of Flinders University, Dr. Paul Gardner-Stephen of Flinders University and DEWC Systems, and Dr. Samuel Chenoweth of Defence Science and Technology Group reported these vulnerabilities to Carrier.

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T05:03:32.923Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.corporate.carrier.com/Images/CARR-PSA-Hills-ComNav-002-1121_tcm558-149392.pdf"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-26519",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-16T15:53:25.868036Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-16T16:28:15.650Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Hills ComNav",
              "vendor": "Interlogix",
              "versions": [
                {
                  "lessThan": "3002-19",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Jacob Thompson of Flinders University, Dr. Paul Gardner-Stephen of Flinders University and DEWC Systems, and Dr. Samuel Chenoweth of Defence Science and Technology Group reported these vulnerabilities to Carrier."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "There is no limit to the number of attempts to authenticate for the local configuration pages for the Hills ComNav Version 3002-19 interface, which allows local attackers to brute-force credentials."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-307",
                  "description": "CWE-307: Improper Restriction of Excessive Authentication Attempts",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-20T15:30:36.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.corporate.carrier.com/Images/CARR-PSA-Hills-ComNav-002-1121_tcm558-149392.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Carrier recommends users upgrade to Version 4000-12 or later, which is the latest supported version at the time of this publication.  Please contact the Hills distributor to acquire the firmware update.\nMore information on this issue can be found in Carrier product security advisory number CARR-PSA-002-1121."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Interlogix Hills ComNav  Improper Restriction of Excessive Authentication Attempts",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2022-26519",
              "STATE": "PUBLIC",
              "TITLE": "Interlogix Hills ComNav  Improper Restriction of Excessive Authentication Attempts"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Hills ComNav",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "3002-19"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Interlogix"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Jacob Thompson of Flinders University, Dr. Paul Gardner-Stephen of Flinders University and DEWC Systems, and Dr. Samuel Chenoweth of Defence Science and Technology Group reported these vulnerabilities to Carrier."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "There is no limit to the number of attempts to authenticate for the local configuration pages for the Hills ComNav Version 3002-19 interface, which allows local attackers to brute-force credentials."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-307: Improper Restriction of Excessive Authentication Attempts"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.corporate.carrier.com/Images/CARR-PSA-Hills-ComNav-002-1121_tcm558-149392.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://www.corporate.carrier.com/Images/CARR-PSA-Hills-ComNav-002-1121_tcm558-149392.pdf"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Carrier recommends users upgrade to Version 4000-12 or later, which is the latest supported version at the time of this publication.  Please contact the Hills distributor to acquire the firmware update.\nMore information on this issue can be found in Carrier product security advisory number CARR-PSA-002-1121."
              }
            ],
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2022-26519",
        "datePublished": "2022-04-20T15:30:36.000Z",
        "dateReserved": "2022-03-21T00:00:00.000Z",
        "dateUpdated": "2025-04-16T16:28:15.650Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-26519 (GCVE-0-2022-26519)

    Vulnerability from nvd – Published: 2022-04-20 15:30 – Updated: 2025-04-16 16:28
    Title
    Interlogix Hills ComNav Improper Restriction of Excessive Authentication Attempts
    Summary
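    There is no limit to the number of attempts to authenticate for the local configuration pages for the Hills ComNav Version 3002-19 interface, which allows local attackers to brute-force credentials. The record's affected-version field lists versions before 3002-19, and its solution field states that Carrier recommends upgrading to Version 4000-12 or later (Carrier product security advisory CARR-PSA-002-1121).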
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-307 - Improper Restriction of Excessive Authentication Attempts
    Assigner
    References
    Impacted products
    Vendor Product Version
    Interlogix Hills ComNav Affected: unspecified , < 3002-19 (custom)
    Credits
    Jacob Thompson of Flinders University, Dr. Paul Gardner-Stephen of Flinders University and DEWC Systems, and Dr. Samuel Chenoweth of Defence Science and Technology Group reported these vulnerabilities to Carrier.

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T05:03:32.923Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.corporate.carrier.com/Images/CARR-PSA-Hills-ComNav-002-1121_tcm558-149392.pdf"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-26519",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-16T15:53:25.868036Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-16T16:28:15.650Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Hills ComNav",
              "vendor": "Interlogix",
              "versions": [
                {
                  "lessThan": "3002-19",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Jacob Thompson of Flinders University, Dr. Paul Gardner-Stephen of Flinders University and DEWC Systems, and Dr. Samuel Chenoweth of Defence Science and Technology Group reported these vulnerabilities to Carrier."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "There is no limit to the number of attempts to authenticate for the local configuration pages for the Hills ComNav Version 3002-19 interface, which allows local attackers to brute-force credentials."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-307",
                  "description": "CWE-307: Improper Restriction of Excessive Authentication Attempts",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-20T15:30:36.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.corporate.carrier.com/Images/CARR-PSA-Hills-ComNav-002-1121_tcm558-149392.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Carrier recommends users upgrade to Version 4000-12 or later, which is the latest supported version at the time of this publication.  Please contact the Hills distributor to acquire the firmware update.\nMore information on this issue can be found in Carrier product security advisory number CARR-PSA-002-1121."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Interlogix Hills ComNav  Improper Restriction of Excessive Authentication Attempts",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2022-26519",
              "STATE": "PUBLIC",
              "TITLE": "Interlogix Hills ComNav  Improper Restriction of Excessive Authentication Attempts"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Hills ComNav",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "3002-19"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Interlogix"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Jacob Thompson of Flinders University, Dr. Paul Gardner-Stephen of Flinders University and DEWC Systems, and Dr. Samuel Chenoweth of Defence Science and Technology Group reported these vulnerabilities to Carrier."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "There is no limit to the number of attempts to authenticate for the local configuration pages for the Hills ComNav Version 3002-19 interface, which allows local attackers to brute-force credentials."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-307: Improper Restriction of Excessive Authentication Attempts"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.corporate.carrier.com/Images/CARR-PSA-Hills-ComNav-002-1121_tcm558-149392.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://www.corporate.carrier.com/Images/CARR-PSA-Hills-ComNav-002-1121_tcm558-149392.pdf"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Carrier recommends users upgrade to Version 4000-12 or later, which is the latest supported version at the time of this publication.  Please contact the Hills distributor to acquire the firmware update.\nMore information on this issue can be found in Carrier product security advisory number CARR-PSA-002-1121."
              }
            ],
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2022-26519",
        "datePublished": "2022-04-20T15:30:36.000Z",
        "dateReserved": "2022-03-21T00:00:00.000Z",
        "dateUpdated": "2025-04-16T16:28:15.650Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }