Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2019-13523 |
CWE-ID | CWE-284 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software | Category for all listed models: Hardware solutions / Office equipment, IP-phones, print servers. Models: HEN32103L, HEN16103L, HEN08103L, HEN04103L, HEN16163, HEN16143, HEN16123, HEN16103, HEN08143, HEN08123, HEN08113, HEN08103, HEN04123, HEN04113, HEN04103, HEN643484, HEN643324, HEN643164, HEN64304, HEN64204, HEN323164, HEN32384, HEN32304, HEN322164, HEN32284, HEN32204, HEN321124, HEN32104, HEN16384, HEN16304, HEN16284, HEN162244, HEN16204, HEN16184, HEN16144, HEN16104, HEN081124, HEN08144, HEN08104, HPW2P1, H4W2PER3, HBW2PER2, H4W2PER2, HEW2PER2, HEW4PER2B, HEW4PER2, HBW2PER1, HEW4PER3B, HEW2PER3, H2W2PER3, H2W4PEr3, H2W2PC1M, HBW8PR2, H4W8PR2, HBD3PR1, H4D3PRV2, HED3PR3, H4D3PRV3, HBD3PR2 |
Vendor | Honeywell International, Inc |
Security Bulletin
This security bulletin contains one medium-risk vulnerability.
EUVDB-ID: #VU21209
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2019-13523
CWE-ID: CWE-284 - Improper Access Control
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists because the integrated web server of the affected devices allows web configuration data for IP cameras and NVRs (Network Video Recorders) to be obtained in JSON format. A remote attacker can gain unauthorized access to view device configuration information.
Mitigation
Contact the vendor to obtain firmware update packages.
Vulnerable software versions
HEN32103L: All versions
HEN16103L: All versions
HEN08103L: All versions
HEN04103L: All versions
HEN16163: All versions
HEN16143: All versions
HEN16123: All versions
HEN16103: All versions
HEN08143: All versions
HEN08123: All versions
HEN08113: All versions
HEN08103: All versions
HEN04123: All versions
HEN04113: All versions
HEN04103: All versions
HEN643484: All versions
HEN643324: All versions
HEN643164: All versions
HEN64304: All versions
HEN64204: All versions
HEN323164: All versions
HEN32384: All versions
HEN32304: All versions
HEN322164: All versions
HEN32284: All versions
HEN32204: All versions
HEN321124: All versions
HEN32104: All versions
HEN16384: All versions
HEN16304: All versions
HEN16284: All versions
HEN162244: All versions
HEN16204: All versions
HEN16184: All versions
HEN16144: All versions
HEN16104: All versions
HEN081124: All versions
HEN08144: All versions
HEN08104: All versions
HPW2P1: All versions
H4W2PER3: All versions
HBW2PER2: All versions
H4W2PER2: All versions
HEW2PER2: All versions
HEW4PER2B: All versions
HEW4PER2: All versions
HBW2PER1: All versions
HEW4PER3B: All versions
HEW2PER3: All versions
H2W2PER3: All versions
H2W4PEr3: All versions
H2W2PC1M: All versions
HBW8PR2: All versions
H4W8PR2: All versions
HBD3PR1: All versions
H4D3PRV2: All versions
HED3PR3: All versions
H4D3PRV3: All versions
HBD3PR2: All versions
https://www.us-cert.gov/ics/advisories/icsa-19-260-03
https://www.security.honeywell.com/-/media/Security/Resources/PDF/Product-Warranty/Security-Notification-May-2019-pdf.pdf?la=en-US&hash=15B712A99CD068FF0D8CB494BC96AB46E2122672
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.