Strix
26.1K

CVE-2019-18226

CRITICALCVSS 9.8/10EPSS 1.37%

Last modified

CVE-2019-18226 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. Honeywell equIP series and Performance series IP cameras and recorders, A vulnerability exists in the affected products where IP cameras and recorders have a potential replay attack vulnerability as a weak authentication method is retained for compatibility with legacy products.. EPSS estimates a 1.37% chance of exploitation in the next 30 days.

Description

Honeywell equIP series and Performance series IP cameras and recorders, A vulnerability exists in the affected products where IP cameras and recorders have a potential replay attack vulnerability as a weak authentication method is retained for compatibility with legacy products.

Metrics

CVSS 3.1
9.8/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability
1.37%

68.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
HoneywellH2w2pc1m FirmwareAll versions
HoneywellH2w2per3 FirmwareAll versions
HoneywellH2w4per3 FirmwareAll versions
HoneywellH4w2per2 FirmwareAll versions
HoneywellH4w2per3 FirmwareAll versions
HoneywellH4w4per2 FirmwareAll versions
HoneywellH4w4per3 FirmwareAll versions
HoneywellH4w8pr2 FirmwareAll versions
HoneywellHbd2per1 FirmwareAll versions
HoneywellHbw2per1 FirmwareAll versions
HoneywellHbw2per2 FirmwareAll versions
HoneywellHbw4per1 FirmwareAll versions
HoneywellHbw4per2 FirmwareAll versions
HoneywellHbw4pgr1 FirmwareAll versions
HoneywellHbw8pr2 FirmwareAll versions
HoneywellHed2per3 FirmwareAll versions
HoneywellHew2per2 FirmwareAll versions
HoneywellHew2per3 FirmwareAll versions
HoneywellHew4per2b FirmwareAll versions
HoneywellHew4per3 FirmwareAll versions
HoneywellHew4per3b FirmwareAll versions
HoneywellHdzp252di FirmwareAll versions
HoneywellHdzp304di FirmwareAll versions
HoneywellHpw2p1 FirmwareAll versions
HoneywellH2w2gr1 FirmwareAll versions
HoneywellH3w2gr1v FirmwareAll versions
HoneywellH3w4gr1v FirmwareAll versions
HoneywellH3w2gr1 FirmwareAll versions
HoneywellH3w2gr2 FirmwareAll versions
HoneywellH3w4gr1 FirmwareAll versions
HoneywellH4l2gr1v FirmwareAll versions
HoneywellH4w2gr1 FirmwareAll versions
HoneywellH4w2gr1v FirmwareAll versions
HoneywellH4w4gr1v FirmwareAll versions
HoneywellH4l2gr1 FirmwareAll versions
HoneywellH4w2gr2 FirmwareAll versions
HoneywellH4w4gr1 FirmwareAll versions
HoneywellH4l6gr2 FirmwareAll versions
HoneywellHm4l8gr1 FirmwareAll versions
HoneywellH4d8gr1 FirmwareAll versions
HoneywellHbl2gr1v FirmwareAll versions
HoneywellHbw2gr1v FirmwareAll versions
HoneywellHbw2gr3v FirmwareAll versions
HoneywellHbw4gr1v FirmwareAll versions
HoneywellHbl6gr2 FirmwareAll versions
HoneywellHmbl8gr1 FirmwareAll versions
HoneywellHbd8gr1 FirmwareAll versions
HoneywellHfd6gr1 FirmwareAll versions
HoneywellHfd8gr1 FirmwareAll versions
HoneywellHdz302liw FirmwareAll versions

Showing 50 of 64 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2019-18226?
Honeywell equIP series and Performance series IP cameras and recorders, A vulnerability exists in the affected products where IP cameras and recorders have a potential replay attack vulnerability as a weak authentication method is retained for compatibility with legacy products.
How severe is CVE-2019-18226?
CVE-2019-18226 has a CVSS score of 9.8/10 (CRITICAL severity). The EPSS model estimates a 1.37% probability of exploitation in the next 30 days.
How do I fix CVE-2019-18226?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2019-18226?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST