CVE-2019-18226

Summary

Honeywell equIP series and Performance series IP cameras and recorders, A vulnerability exists in the affected products where IP cameras and recorders have a potential replay attack vulnerability as a weak authentication method is retained for compatibility with legacy products.

Affected Software

VendorProductVersion RangeStatus
n/aHoneywell equIP series cameras, Honeywell Performance series IP cameras, Honeywell recordersH2W2GR1 1.000.0000.19.20190819, H3W2GR1 1.000.HW00.21.20190812, H3W2GR1V 1.000.0000.19.20190819, H3W2GR2 1.000.HW00.21.20190812, H3W4GR1 1.000.HW00.21.20190812, H3W4GR1V 1.000.0000.19.20190819, H4D8GR1 2.420.HW00.12.20190819, H4L2GR1 2.420.HW01.33.20190812, H4L2GR1V 1.000.0000.19.20190819, H4L6GR2 1.000.HW02.8.20190813, H4W2GR1 1.000.HW00.21.20190812, H4W2GR1V 1.000.0000.19.20190819, H4W2GR2 1.000.HW00.21.20190812, H4W4GR1 1.000.HW00.21.20190812, H4W4GR1V 1.000.0000.19.20190819, HBD8GR1 2.420.HW00.12.20190819, HBL2GR1 2.420.HW01.33.20190812, HBL2GR1V 1.000.0000.19.20190819, HBL6GR2 1.000.HW02.8.20190813, HBW2GR1 1.000.HW00.21.20190812, HBW2GR1V 1.000.0000.19.20190819, HBW2GR3 1.000.HW00.21.20190812, HBW2GR3V 1.000.0000.19.20190819, HBW4GR1 1.000.HW00.21.20190812, HBW4GR1V 1.000.0000.19.20190819, HCD8G 2.420.HW00.12.20190819, HCL2G 2.420.HW01.33.20190812, HCL2GV 1.000.0000.19.20190819, HCPB302 1.000.0040.3.20190820, HCW2G 1.000.HW00.21.20190812, HCW2GV 1.000.0000.19.20190819, HCW4G 1.000.HW00.2 ...[truncated*]affected
n/aHoneywell equIP series cameras, Honeywell Performance series IP cameras, Honeywell recordersH2W2PC1M 1.000.HW01.3.20190820, H2W2PER3 1.000.HW01.3.20190820, H2W2PRV3 1.000.HW01.1.190813, H2W4PER3 1.000.HW01.3.20190820, H2W4PRV3 1.000.HW01.1.190813, H4D3PRV2 1.000.HW01.1.190814, H4D3PRV3 1.000.HW01.1.190814, H4D8PR1 1.000.HW01.3.20190820, H4W2PER2 1.000.HW01.3.20190820, H4W2PER3 1.000.HW01.3.20190820, H4W2PRV2 1.000.HW01.1.190814, H4W4PER2 1.000.HW01.3.20190820, H4W4PER3 1.000.HW01.3.20190820, H4W4PRV2 1.000.HW01.1.190814, H4W4PRV3 1.000.HW01.1.190813, H4W8PR2 1.000.HW01.3.20190820, HBD2PER1 1.000.HW01.3.20190820, HBD3PR1 1.000.HW01.1.190814, HBD3PR2 1.000.HW01.1.190814, HBD8PR1 1.000.HW01.3.20190820, HBW2PER1 1.000.HW01.3.20190820, HBW2PER2 1.000.HW01.3.20190820, HBW2PR1 1.000.HW01.1.190813, HBW2PR2 1.000.HW01.1.190814, HBW4PER1 1.000.HW01.3.20190820, HBW4PER2 1.000.HW01.3.20190820, HBW4PR1 1.000.HW01.1.190813, HBW4PR2 1.000.HW01.1.190814, HBW8PR2 1.000.HW01.3.20190820, HDZP252DI 1.000.HW02.4.20190813, HDZP304DI 1.000.HW10.5.20190812, HED2PER3 1.000.HW01.3.20190820, HED3PR3 1.000.HW01 ...[truncated*]affected
n/aHoneywell equIP series cameras, Honeywell Performance series IP cameras, Honeywell recordersHEN04102 2.000.HW00.0.R.20190823, HEN04112 2.000.HW00.0.R.20190823, HEN04122 2.000.HW00.0.R.20190823, HEN08102 2.000.HW00.0.R.20190823, HEN08112 2.000.HW00.0.R.20190823, HEN08122 2.000.HW00.0.R.20190823, HEN08142 2.000.HW00.0.R.20190823, HEN08162 2.000.HW00.0.R.20190823, HEN16102 2.000.HW00.0.R.20190823, HEN16122 2.000.HW00.0.R.20190823, HEN16142 2.000.HW00.0.R.20190823, HEN16162 2.000.HW00.0.R.20190823, HEN04103 3.215.00HW001.2.20190821, HEN04113 3.215.00HW001.2.20190821, HEN04123 3.215.00HW001.2.20190821, HEN08103 3.215.00HW001.2.20190821, HEN08113 3.215.00HW001.2.20190821, HEN08123 3.215.00HW001.2.20190821, HEN08143 3.215.00HW001.2.20190821, HEN16103 3.215.00HW001.2.20190821, HEN16123 3.215.00HW001.2.20190821, HEN16143 3.215.00HW001.2.20190821, HEN16163 3.215.00HW001.2.20190821, HEN04103L 3.215.00HW001.2.20190821, HEN08103L 3.215.00HW001.2.20190821, HEN16103L 3.215.00HW001.2.20190821, HEN32103L 3.215.00HW001.2.20190821, HEN08104 3.215.00HW002.2.20190829, HEN08144 3.215.00HW002.2.20190829, H ...[truncated*]affected

Weaknesses

  • CWE-294: AUTHENTICATION BYPASS BY CAPTURE-REPLAY CWE-294

ADP Enrichment

CVE Program Container

Additional References

References