Action not permitted
Modal body text goes here.
Modal Title
Modal Body
GHSA-6J5F-PM23-XCWQ
Vulnerability from github – Published: 2022-05-24 16:56 – Updated: 2024-04-04 02:00
VLAI?
Details
In Honeywell Performance IP Cameras and Performance NVRs, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data in JSON format for IP cameras and NVRs (Network Video Recorders), which can be accessed without authentication over the network. Affected performance IP Cameras: HBD3PR2,H4D3PRV3,HED3PR3,H4D3PRV2,HBD3PR1,H4W8PR2,HBW8PR2,H2W2PC1M,H2W4PER3,H2W2PER3,HEW2PER3,HEW4PER3B,HBW2PER1,HEW4PER2,HEW4PER2B,HEW2PER2,H4W2PER2,HBW2PER2,H4W2PER3, and HPW2P1. Affected Performance Series NVRs: HEN08104,HEN08144,HEN081124,HEN16104,HEN16144,HEN16184,HEN16204,HEN162244,HEN16284,HEN16304,HEN16384,HEN32104,HEN321124,HEN32204,HEN32284,HEN322164,HEN32304, HEN32384,HEN323164,HEN64204,HEN64304,HEN643164,HEN643324,HEN643484,HEN04103,HEN04113,HEN04123,HEN08103,HEN08113,HEN08123,HEN08143,HEN16103,HEN16123,HEN16143,HEN16163,HEN04103L,HEN08103L,HEN16103L,HEN32103L.
Severity ?
5.3 (Medium)
{
"affected": [],
"aliases": [
"CVE-2019-13523"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-306"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-09-26T16:15:00Z",
"severity": "MODERATE"
},
"details": "In Honeywell Performance IP Cameras and Performance NVRs, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data in JSON format for IP cameras and NVRs (Network Video Recorders), which can be accessed without authentication over the network. Affected performance IP Cameras: HBD3PR2,H4D3PRV3,HED3PR3,H4D3PRV2,HBD3PR1,H4W8PR2,HBW8PR2,H2W2PC1M,H2W4PER3,H2W2PER3,HEW2PER3,HEW4PER3B,HBW2PER1,HEW4PER2,HEW4PER2B,HEW2PER2,H4W2PER2,HBW2PER2,H4W2PER3, and HPW2P1. Affected Performance Series NVRs: HEN08104,HEN08144,HEN081124,HEN16104,HEN16144,HEN16184,HEN16204,HEN162244,HEN16284,HEN16304,HEN16384,HEN32104,HEN321124,HEN32204,HEN32284,HEN322164,HEN32304, HEN32384,HEN323164,HEN64204,HEN64304,HEN643164,HEN643324,HEN643484,HEN04103,HEN04113,HEN04123,HEN08103,HEN08113,HEN08123,HEN08143,HEN16103,HEN16123,HEN16143,HEN16163,HEN04103L,HEN08103L,HEN16103L,HEN32103L.",
"id": "GHSA-6j5f-pm23-xcwq",
"modified": "2024-04-04T02:00:42Z",
"published": "2022-05-24T16:56:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13523"
},
{
"type": "WEB",
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-260-03"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
CVE-2019-13523 (GCVE-0-2019-13523)
Vulnerability from cvelistv5 – Published: 2019-09-26 14:22 – Updated: 2024-08-04 23:57
VLAI?
EPSS
Summary
In Honeywell Performance IP Cameras and Performance NVRs, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data in JSON format for IP cameras and NVRs (Network Video Recorders), which can be accessed without authentication over the network. Affected performance IP Cameras: HBD3PR2,H4D3PRV3,HED3PR3,H4D3PRV2,HBD3PR1,H4W8PR2,HBW8PR2,H2W2PC1M,H2W4PER3,H2W2PER3,HEW2PER3,HEW4PER3B,HBW2PER1,HEW4PER2,HEW4PER2B,HEW2PER2,H4W2PER2,HBW2PER2,H4W2PER3, and HPW2P1. Affected Performance Series NVRs: HEN08104,HEN08144,HEN081124,HEN16104,HEN16144,HEN16184,HEN16204,HEN162244,HEN16284,HEN16304,HEN16384,HEN32104,HEN321124,HEN32204,HEN32284,HEN322164,HEN32304, HEN32384,HEN323164,HEN64204,HEN64304,HEN643164,HEN643324,HEN643484,HEN04103,HEN04113,HEN04123,HEN08103,HEN08113,HEN08123,HEN08143,HEN16103,HEN16123,HEN16143,HEN16163,HEN04103L,HEN08103L,HEN16103L,HEN32103L.
Severity ?
No CVSS data available.
CWE
- CWE-200 - INFORMATION EXPOSURE CWE-200
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Honeywell | Performance IP Cameras |
Affected:
HBD3PR2
Affected: H4D3PRV3 Affected: HED3PR3 Affected: H4D3PRV2 Affected: HBD3PR1 Affected: H4W8PR2 Affected: HBW8PR2 Affected: H2W2PC1M Affected: H2W4PER3 Affected: H2W2PER3 Affected: HEW2PER3 Affected: HEW4PER3B Affected: HBW2PER1 Affected: HEW4PER2 Affected: HEW4PER2B Affected: HEW2PER2 Affected: H4W2PER2 Affected: HBW2PER2 Affected: H4W2PER3 Affected: HPW2P1 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:57:39.391Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-260-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Performance IP Cameras",
"vendor": "Honeywell",
"versions": [
{
"status": "affected",
"version": "HBD3PR2"
},
{
"status": "affected",
"version": "H4D3PRV3"
},
{
"status": "affected",
"version": "HED3PR3"
},
{
"status": "affected",
"version": "H4D3PRV2"
},
{
"status": "affected",
"version": "HBD3PR1"
},
{
"status": "affected",
"version": "H4W8PR2"
},
{
"status": "affected",
"version": "HBW8PR2"
},
{
"status": "affected",
"version": "H2W2PC1M"
},
{
"status": "affected",
"version": "H2W4PER3"
},
{
"status": "affected",
"version": "H2W2PER3"
},
{
"status": "affected",
"version": "HEW2PER3"
},
{
"status": "affected",
"version": "HEW4PER3B"
},
{
"status": "affected",
"version": "HBW2PER1"
},
{
"status": "affected",
"version": "HEW4PER2"
},
{
"status": "affected",
"version": "HEW4PER2B"
},
{
"status": "affected",
"version": "HEW2PER2"
},
{
"status": "affected",
"version": "H4W2PER2"
},
{
"status": "affected",
"version": "HBW2PER2"
},
{
"status": "affected",
"version": "H4W2PER3"
},
{
"status": "affected",
"version": "HPW2P1"
}
]
},
{
"product": "Performance NVRs",
"vendor": "Honeywell",
"versions": [
{
"status": "affected",
"version": "HEN08104"
},
{
"status": "affected",
"version": "HEN08144"
},
{
"status": "affected",
"version": "HEN081124"
},
{
"status": "affected",
"version": "HEN16104"
},
{
"status": "affected",
"version": "HEN16144"
},
{
"status": "affected",
"version": "HEN16184"
},
{
"status": "affected",
"version": "HEN16204"
},
{
"status": "affected",
"version": "HEN162244"
},
{
"status": "affected",
"version": "HEN16284"
},
{
"status": "affected",
"version": "HEN16304"
},
{
"status": "affected",
"version": "HEN16384"
},
{
"status": "affected",
"version": "HEN32104"
},
{
"status": "affected",
"version": "HEN321124"
},
{
"status": "affected",
"version": "HEN32204"
},
{
"status": "affected",
"version": "HEN32284"
},
{
"status": "affected",
"version": "HEN322164"
},
{
"status": "affected",
"version": "HEN32304"
},
{
"status": "affected",
"version": "HEN32384"
},
{
"status": "affected",
"version": "HEN323164"
},
{
"status": "affected",
"version": "HEN64204"
},
{
"status": "affected",
"version": "HEN64304"
},
{
"status": "affected",
"version": "HEN643164"
},
{
"status": "affected",
"version": "HEN643324"
},
{
"status": "affected",
"version": "HEN643484"
},
{
"status": "affected",
"version": "HEN04103"
},
{
"status": "affected",
"version": "HEN04113"
},
{
"status": "affected",
"version": "HEN04123"
},
{
"status": "affected",
"version": "HEN08103"
},
{
"status": "affected",
"version": "HEN08113"
},
{
"status": "affected",
"version": "HEN08123"
},
{
"status": "affected",
"version": "HEN08143"
},
{
"status": "affected",
"version": "HEN16103"
},
{
"status": "affected",
"version": "HEN16123"
},
{
"status": "affected",
"version": "HEN16143"
},
{
"status": "affected",
"version": "HEN16163"
},
{
"status": "affected",
"version": "HEN04103L"
},
{
"status": "affected",
"version": "HEN08103L"
},
{
"status": "affected",
"version": "HEN16103L"
},
{
"status": "affected",
"version": "HEN32103L"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Honeywell Performance IP Cameras and Performance NVRs, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data in JSON format for IP cameras and NVRs (Network Video Recorders), which can be accessed without authentication over the network. Affected performance IP Cameras: HBD3PR2,H4D3PRV3,HED3PR3,H4D3PRV2,HBD3PR1,H4W8PR2,HBW8PR2,H2W2PC1M,H2W4PER3,H2W2PER3,HEW2PER3,HEW4PER3B,HBW2PER1,HEW4PER2,HEW4PER2B,HEW2PER2,H4W2PER2,HBW2PER2,H4W2PER3, and HPW2P1. Affected Performance Series NVRs: HEN08104,HEN08144,HEN081124,HEN16104,HEN16144,HEN16184,HEN16204,HEN162244,HEN16284,HEN16304,HEN16384,HEN32104,HEN321124,HEN32204,HEN32284,HEN322164,HEN32304, HEN32384,HEN323164,HEN64204,HEN64304,HEN643164,HEN643324,HEN643484,HEN04103,HEN04113,HEN04123,HEN08103,HEN08113,HEN08123,HEN08143,HEN16103,HEN16123,HEN16143,HEN16163,HEN04103L,HEN08103L,HEN16103L,HEN32103L."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "INFORMATION EXPOSURE CWE-200",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-26T14:22:59",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-260-03"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2019-13523",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Performance IP Cameras",
"version": {
"version_data": [
{
"version_value": "HBD3PR2"
},
{
"version_value": "H4D3PRV3"
},
{
"version_value": "HED3PR3"
},
{
"version_value": "H4D3PRV2"
},
{
"version_value": "HBD3PR1"
},
{
"version_value": "H4W8PR2"
},
{
"version_value": "HBW8PR2"
},
{
"version_value": "H2W2PC1M"
},
{
"version_value": "H2W4PER3"
},
{
"version_value": "H2W2PER3"
},
{
"version_value": "HEW2PER3"
},
{
"version_value": "HEW4PER3B"
},
{
"version_value": "HBW2PER1"
},
{
"version_value": "HEW4PER2"
},
{
"version_value": "HEW4PER2B"
},
{
"version_value": "HEW2PER2"
},
{
"version_value": "H4W2PER2"
},
{
"version_value": "HBW2PER2"
},
{
"version_value": "H4W2PER3"
},
{
"version_value": "HPW2P1"
}
]
}
},
{
"product_name": "Performance NVRs",
"version": {
"version_data": [
{
"version_value": "HEN08104"
},
{
"version_value": "HEN08144"
},
{
"version_value": "HEN081124"
},
{
"version_value": "HEN16104"
},
{
"version_value": "HEN16144"
},
{
"version_value": "HEN16184"
},
{
"version_value": "HEN16204"
},
{
"version_value": "HEN162244"
},
{
"version_value": "HEN16284"
},
{
"version_value": "HEN16304"
},
{
"version_value": "HEN16384"
},
{
"version_value": "HEN32104"
},
{
"version_value": "HEN321124"
},
{
"version_value": "HEN32204"
},
{
"version_value": "HEN32284"
},
{
"version_value": "HEN322164"
},
{
"version_value": "HEN32304"
},
{
"version_value": "HEN32384"
},
{
"version_value": "HEN323164"
},
{
"version_value": "HEN64204"
},
{
"version_value": "HEN64304"
},
{
"version_value": "HEN643164"
},
{
"version_value": "HEN643324"
},
{
"version_value": "HEN643484"
},
{
"version_value": "HEN04103"
},
{
"version_value": "HEN04113"
},
{
"version_value": "HEN04123"
},
{
"version_value": "HEN08103"
},
{
"version_value": "HEN08113"
},
{
"version_value": "HEN08123"
},
{
"version_value": "HEN08143"
},
{
"version_value": "HEN16103"
},
{
"version_value": "HEN16123"
},
{
"version_value": "HEN16143"
},
{
"version_value": "HEN16163"
},
{
"version_value": "HEN04103L"
},
{
"version_value": "HEN08103L"
},
{
"version_value": "HEN16103L"
},
{
"version_value": "HEN32103L"
}
]
}
}
]
},
"vendor_name": "Honeywell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Honeywell Performance IP Cameras and Performance NVRs, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data in JSON format for IP cameras and NVRs (Network Video Recorders), which can be accessed without authentication over the network. Affected performance IP Cameras: HBD3PR2,H4D3PRV3,HED3PR3,H4D3PRV2,HBD3PR1,H4W8PR2,HBW8PR2,H2W2PC1M,H2W4PER3,H2W2PER3,HEW2PER3,HEW4PER3B,HBW2PER1,HEW4PER2,HEW4PER2B,HEW2PER2,H4W2PER2,HBW2PER2,H4W2PER3, and HPW2P1. Affected Performance Series NVRs: HEN08104,HEN08144,HEN081124,HEN16104,HEN16144,HEN16184,HEN16204,HEN162244,HEN16284,HEN16304,HEN16384,HEN32104,HEN321124,HEN32204,HEN32284,HEN322164,HEN32304, HEN32384,HEN323164,HEN64204,HEN64304,HEN643164,HEN643324,HEN643484,HEN04103,HEN04113,HEN04123,HEN08103,HEN08113,HEN08123,HEN08143,HEN16103,HEN16123,HEN16143,HEN16163,HEN04103L,HEN08103L,HEN16103L,HEN32103L."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "INFORMATION EXPOSURE CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-19-260-03",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-260-03"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2019-13523",
"datePublished": "2019-09-26T14:22:59",
"dateReserved": "2019-07-11T00:00:00",
"dateUpdated": "2024-08-04T23:57:39.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…