Vulnerability-Lookup

GHSA-6J5F-PM23-XCWQ

Vulnerability from github – Published: 2022-05-24 16:56 – Updated: 2024-04-04 02:00

Details

In Honeywell Performance IP Cameras and Performance NVRs, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data in JSON format for IP cameras and NVRs (Network Video Recorders), which can be accessed without authentication over the network. Affected performance IP Cameras: HBD3PR2,H4D3PRV3,HED3PR3,H4D3PRV2,HBD3PR1,H4W8PR2,HBW8PR2,H2W2PC1M,H2W4PER3,H2W2PER3,HEW2PER3,HEW4PER3B,HBW2PER1,HEW4PER2,HEW4PER2B,HEW2PER2,H4W2PER2,HBW2PER2,H4W2PER3, and HPW2P1. Affected Performance Series NVRs: HEN08104,HEN08144,HEN081124,HEN16104,HEN16144,HEN16184,HEN16204,HEN162244,HEN16284,HEN16304,HEN16384,HEN32104,HEN321124,HEN32204,HEN32284,HEN322164,HEN32304, HEN32384,HEN323164,HEN64204,HEN64304,HEN643164,HEN643324,HEN643484,HEN04103,HEN04113,HEN04123,HEN08103,HEN08113,HEN08123,HEN08143,HEN16103,HEN16123,HEN16143,HEN16163,HEN04103L,HEN08103L,HEN16103L,HEN32103L.

Severity

5.3 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-13523"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-306"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-09-26T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In Honeywell Performance IP Cameras and Performance NVRs, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data in JSON format for IP cameras and NVRs (Network Video Recorders), which can be accessed without authentication over the network. Affected performance IP Cameras: HBD3PR2,H4D3PRV3,HED3PR3,H4D3PRV2,HBD3PR1,H4W8PR2,HBW8PR2,H2W2PC1M,H2W4PER3,H2W2PER3,HEW2PER3,HEW4PER3B,HBW2PER1,HEW4PER2,HEW4PER2B,HEW2PER2,H4W2PER2,HBW2PER2,H4W2PER3, and HPW2P1. Affected Performance Series NVRs: HEN08104,HEN08144,HEN081124,HEN16104,HEN16144,HEN16184,HEN16204,HEN162244,HEN16284,HEN16304,HEN16384,HEN32104,HEN321124,HEN32204,HEN32284,HEN322164,HEN32304, HEN32384,HEN323164,HEN64204,HEN64304,HEN643164,HEN643324,HEN643484,HEN04103,HEN04113,HEN04123,HEN08103,HEN08113,HEN08123,HEN08143,HEN16103,HEN16123,HEN16143,HEN16163,HEN04103L,HEN08103L,HEN16103L,HEN32103L.",
  "id": "GHSA-6j5f-pm23-xcwq",
  "modified": "2024-04-04T02:00:42Z",
  "published": "2022-05-24T16:56:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13523"
    },
    {
      "type": "WEB",
      "url": "https://www.us-cert.gov/ics/advisories/icsa-19-260-03"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

CVE-2019-13523 (GCVE-0-2019-13523)

Vulnerability from cvelistv5 – Published: 2019-09-26 14:22 – Updated: 2024-08-04 23:57

Summary

Severity

No CVSS data available.

CWE

CWE-200 - INFORMATION EXPOSURE CWE-200

Assigner

icscert

References

1 reference

URL	Tags
https://www.us-cert.gov/ics/advisories/icsa-19-260-03	x_refsource_MISC

Impacted products

2 products

Vendor	Product	Version
Honeywell	Performance IP Cameras	Affected: HBD3PR2 Affected: H4D3PRV3 Affected: HED3PR3 Affected: H4D3PRV2 Affected: HBD3PR1 Affected: H4W8PR2 Affected: HBW8PR2 Affected: H2W2PC1M Affected: H2W4PER3 Affected: H2W2PER3 Affected: HEW2PER3 Affected: HEW4PER3B Affected: HBW2PER1 Affected: HEW4PER2 Affected: HEW4PER2B Affected: HEW2PER2 Affected: H4W2PER2 Affected: HBW2PER2 Affected: H4W2PER3 Affected: HPW2P1
Honeywell	Performance NVRs	Affected: HEN08104 Affected: HEN08144 Affected: HEN081124 Affected: HEN16104 Affected: HEN16144 Affected: HEN16184 Affected: HEN16204 Affected: HEN162244 Affected: HEN16284 Affected: HEN16304 Affected: HEN16384 Affected: HEN32104 Affected: HEN321124 Affected: HEN32204 Affected: HEN32284 Affected: HEN322164 Affected: HEN32304 Affected: HEN32384 Affected: HEN323164 Affected: HEN64204 Affected: HEN64304 Affected: HEN643164 Affected: HEN643324 Affected: HEN643484 Affected: HEN04103 Affected: HEN04113 Affected: HEN04123 Affected: HEN08103 Affected: HEN08113 Affected: HEN08123 Affected: HEN08143 Affected: HEN16103 Affected: HEN16123 Affected: HEN16143 Affected: HEN16163 Affected: HEN04103L Affected: HEN08103L Affected: HEN16103L Affected: HEN32103L

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T23:57:39.391Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.us-cert.gov/ics/advisories/icsa-19-260-03"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Performance IP Cameras",
          "vendor": "Honeywell",
          "versions": [
            {
              "status": "affected",
              "version": "HBD3PR2"
            },
            {
              "status": "affected",
              "version": "H4D3PRV3"
            },
            {
              "status": "affected",
              "version": "HED3PR3"
            },
            {
              "status": "affected",
              "version": "H4D3PRV2"
            },
            {
              "status": "affected",
              "version": "HBD3PR1"
            },
            {
              "status": "affected",
              "version": "H4W8PR2"
            },
            {
              "status": "affected",
              "version": "HBW8PR2"
            },
            {
              "status": "affected",
              "version": "H2W2PC1M"
            },
            {
              "status": "affected",
              "version": "H2W4PER3"
            },
            {
              "status": "affected",
              "version": "H2W2PER3"
            },
            {
              "status": "affected",
              "version": "HEW2PER3"
            },
            {
              "status": "affected",
              "version": "HEW4PER3B"
            },
            {
              "status": "affected",
              "version": "HBW2PER1"
            },
            {
              "status": "affected",
              "version": "HEW4PER2"
            },
            {
              "status": "affected",
              "version": "HEW4PER2B"
            },
            {
              "status": "affected",
              "version": "HEW2PER2"
            },
            {
              "status": "affected",
              "version": "H4W2PER2"
            },
            {
              "status": "affected",
              "version": "HBW2PER2"
            },
            {
              "status": "affected",
              "version": "H4W2PER3"
            },
            {
              "status": "affected",
              "version": "HPW2P1"
            }
          ]
        },
        {
          "product": "Performance NVRs",
          "vendor": "Honeywell",
          "versions": [
            {
              "status": "affected",
              "version": "HEN08104"
            },
            {
              "status": "affected",
              "version": "HEN08144"
            },
            {
              "status": "affected",
              "version": "HEN081124"
            },
            {
              "status": "affected",
              "version": "HEN16104"
            },
            {
              "status": "affected",
              "version": "HEN16144"
            },
            {
              "status": "affected",
              "version": "HEN16184"
            },
            {
              "status": "affected",
              "version": "HEN16204"
            },
            {
              "status": "affected",
              "version": "HEN162244"
            },
            {
              "status": "affected",
              "version": "HEN16284"
            },
            {
              "status": "affected",
              "version": "HEN16304"
            },
            {
              "status": "affected",
              "version": "HEN16384"
            },
            {
              "status": "affected",
              "version": "HEN32104"
            },
            {
              "status": "affected",
              "version": "HEN321124"
            },
            {
              "status": "affected",
              "version": "HEN32204"
            },
            {
              "status": "affected",
              "version": "HEN32284"
            },
            {
              "status": "affected",
              "version": "HEN322164"
            },
            {
              "status": "affected",
              "version": "HEN32304"
            },
            {
              "status": "affected",
              "version": "HEN32384"
            },
            {
              "status": "affected",
              "version": "HEN323164"
            },
            {
              "status": "affected",
              "version": "HEN64204"
            },
            {
              "status": "affected",
              "version": "HEN64304"
            },
            {
              "status": "affected",
              "version": "HEN643164"
            },
            {
              "status": "affected",
              "version": "HEN643324"
            },
            {
              "status": "affected",
              "version": "HEN643484"
            },
            {
              "status": "affected",
              "version": "HEN04103"
            },
            {
              "status": "affected",
              "version": "HEN04113"
            },
            {
              "status": "affected",
              "version": "HEN04123"
            },
            {
              "status": "affected",
              "version": "HEN08103"
            },
            {
              "status": "affected",
              "version": "HEN08113"
            },
            {
              "status": "affected",
              "version": "HEN08123"
            },
            {
              "status": "affected",
              "version": "HEN08143"
            },
            {
              "status": "affected",
              "version": "HEN16103"
            },
            {
              "status": "affected",
              "version": "HEN16123"
            },
            {
              "status": "affected",
              "version": "HEN16143"
            },
            {
              "status": "affected",
              "version": "HEN16163"
            },
            {
              "status": "affected",
              "version": "HEN04103L"
            },
            {
              "status": "affected",
              "version": "HEN08103L"
            },
            {
              "status": "affected",
              "version": "HEN16103L"
            },
            {
              "status": "affected",
              "version": "HEN32103L"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Honeywell Performance IP Cameras and Performance NVRs, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data in JSON format for IP cameras and NVRs (Network Video Recorders), which can be accessed without authentication over the network. Affected performance IP Cameras: HBD3PR2,H4D3PRV3,HED3PR3,H4D3PRV2,HBD3PR1,H4W8PR2,HBW8PR2,H2W2PC1M,H2W4PER3,H2W2PER3,HEW2PER3,HEW4PER3B,HBW2PER1,HEW4PER2,HEW4PER2B,HEW2PER2,H4W2PER2,HBW2PER2,H4W2PER3, and HPW2P1. Affected Performance Series NVRs: HEN08104,HEN08144,HEN081124,HEN16104,HEN16144,HEN16184,HEN16204,HEN162244,HEN16284,HEN16304,HEN16384,HEN32104,HEN321124,HEN32204,HEN32284,HEN322164,HEN32304, HEN32384,HEN323164,HEN64204,HEN64304,HEN643164,HEN643324,HEN643484,HEN04103,HEN04113,HEN04123,HEN08103,HEN08113,HEN08123,HEN08143,HEN16103,HEN16123,HEN16143,HEN16163,HEN04103L,HEN08103L,HEN16103L,HEN32103L."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "INFORMATION EXPOSURE CWE-200",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-09-26T14:22:59.000Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.us-cert.gov/ics/advisories/icsa-19-260-03"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2019-13523",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Performance IP Cameras",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "HBD3PR2"
                          },
                          {
                            "version_value": "H4D3PRV3"
                          },
                          {
                            "version_value": "HED3PR3"
                          },
                          {
                            "version_value": "H4D3PRV2"
                          },
                          {
                            "version_value": "HBD3PR1"
                          },
                          {
                            "version_value": "H4W8PR2"
                          },
                          {
                            "version_value": "HBW8PR2"
                          },
                          {
                            "version_value": "H2W2PC1M"
                          },
                          {
                            "version_value": "H2W4PER3"
                          },
                          {
                            "version_value": "H2W2PER3"
                          },
                          {
                            "version_value": "HEW2PER3"
                          },
                          {
                            "version_value": "HEW4PER3B"
                          },
                          {
                            "version_value": "HBW2PER1"
                          },
                          {
                            "version_value": "HEW4PER2"
                          },
                          {
                            "version_value": "HEW4PER2B"
                          },
                          {
                            "version_value": "HEW2PER2"
                          },
                          {
                            "version_value": "H4W2PER2"
                          },
                          {
                            "version_value": "HBW2PER2"
                          },
                          {
                            "version_value": "H4W2PER3"
                          },
                          {
                            "version_value": "HPW2P1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Performance NVRs",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "HEN08104"
                          },
                          {
                            "version_value": "HEN08144"
                          },
                          {
                            "version_value": "HEN081124"
                          },
                          {
                            "version_value": "HEN16104"
                          },
                          {
                            "version_value": "HEN16144"
                          },
                          {
                            "version_value": "HEN16184"
                          },
                          {
                            "version_value": "HEN16204"
                          },
                          {
                            "version_value": "HEN162244"
                          },
                          {
                            "version_value": "HEN16284"
                          },
                          {
                            "version_value": "HEN16304"
                          },
                          {
                            "version_value": "HEN16384"
                          },
                          {
                            "version_value": "HEN32104"
                          },
                          {
                            "version_value": "HEN321124"
                          },
                          {
                            "version_value": "HEN32204"
                          },
                          {
                            "version_value": "HEN32284"
                          },
                          {
                            "version_value": "HEN322164"
                          },
                          {
                            "version_value": "HEN32304"
                          },
                          {
                            "version_value": "HEN32384"
                          },
                          {
                            "version_value": "HEN323164"
                          },
                          {
                            "version_value": "HEN64204"
                          },
                          {
                            "version_value": "HEN64304"
                          },
                          {
                            "version_value": "HEN643164"
                          },
                          {
                            "version_value": "HEN643324"
                          },
                          {
                            "version_value": "HEN643484"
                          },
                          {
                            "version_value": "HEN04103"
                          },
                          {
                            "version_value": "HEN04113"
                          },
                          {
                            "version_value": "HEN04123"
                          },
                          {
                            "version_value": "HEN08103"
                          },
                          {
                            "version_value": "HEN08113"
                          },
                          {
                            "version_value": "HEN08123"
                          },
                          {
                            "version_value": "HEN08143"
                          },
                          {
                            "version_value": "HEN16103"
                          },
                          {
                            "version_value": "HEN16123"
                          },
                          {
                            "version_value": "HEN16143"
                          },
                          {
                            "version_value": "HEN16163"
                          },
                          {
                            "version_value": "HEN04103L"
                          },
                          {
                            "version_value": "HEN08103L"
                          },
                          {
                            "version_value": "HEN16103L"
                          },
                          {
                            "version_value": "HEN32103L"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Honeywell"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Honeywell Performance IP Cameras and Performance NVRs, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data in JSON format for IP cameras and NVRs (Network Video Recorders), which can be accessed without authentication over the network. Affected performance IP Cameras: HBD3PR2,H4D3PRV3,HED3PR3,H4D3PRV2,HBD3PR1,H4W8PR2,HBW8PR2,H2W2PC1M,H2W4PER3,H2W2PER3,HEW2PER3,HEW4PER3B,HBW2PER1,HEW4PER2,HEW4PER2B,HEW2PER2,H4W2PER2,HBW2PER2,H4W2PER3, and HPW2P1. Affected Performance Series NVRs: HEN08104,HEN08144,HEN081124,HEN16104,HEN16144,HEN16184,HEN16204,HEN162244,HEN16284,HEN16304,HEN16384,HEN32104,HEN321124,HEN32204,HEN32284,HEN322164,HEN32304, HEN32384,HEN323164,HEN64204,HEN64304,HEN643164,HEN643324,HEN643484,HEN04103,HEN04113,HEN04123,HEN08103,HEN08113,HEN08123,HEN08143,HEN16103,HEN16123,HEN16143,HEN16163,HEN04103L,HEN08103L,HEN16103L,HEN32103L."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "INFORMATION EXPOSURE CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.us-cert.gov/ics/advisories/icsa-19-260-03",
              "refsource": "MISC",
              "url": "https://www.us-cert.gov/ics/advisories/icsa-19-260-03"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2019-13523",
    "datePublished": "2019-09-26T14:22:59.000Z",
    "dateReserved": "2019-07-11T00:00:00.000Z",
    "dateUpdated": "2024-08-04T23:57:39.391Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

GHSA-6J5F-PM23-XCWQ

CVE-2019-13523 (GCVE-0-2019-13523)

Tags

Sightings

Nomenclature