CVE-2019-18226
high-risk
Published 2019-10-31
Honeywell equIP series and Performance series IP cameras and recorders, A vulnerability exists in the affected products where IP cameras and recorders have a potential replay attack vulnerability as a weak authentication method is retained for compatibility with legacy products.
Do I need to act?
-
0.18% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10
Critical
NETWORK
/ LOW complexity
Affected Products (20)
H2W2Pc1M Firmware
H2W2Per3 Firmware
H2W4Per3 Firmware
H4W2Per2 Firmware
H4W2Per3 Firmware
H4W4Per2 Firmware
H4W4Per3 Firmware
H4W8Pr2 Firmware
Hbd2Per1 Firmware
Hbw2Per1 Firmware
Hbw2Per2 Firmware
Hbw4Per1 Firmware
Hbw4Per2 Firmware
Hbw4Pgr1 Firmware
Hbw8Pr2 Firmware
Hed2Per3 Firmware
Hew2Per2 Firmware
Hew2Per3 Firmware
Hew4Per2B Firmware
Hew4Per3 Firmware
Affected Vendors
References (2)
Third Party Advisory
https://www.us-cert.gov/ics/advisories/icsa-19-304-04
Third Party Advisory
https://www.us-cert.gov/ics/advisories/icsa-19-304-04
60
/ 100
high-risk
Severity
32/34 · Critical
Exploitability
1/34 · Minimal
Exposure
27/34 · High