Sign-up

ID

VAR-201910-0901


CVE

CVE-2019-18230


TITLE

Honeywell equIP Series and Performance Series IP Camera Access Control Error Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2019-39763 // CNNVD: CNNVD-201910-1919

DESCRIPTION

Honeywell equIP and Performance series IP cameras, multiple versions, A vulnerability exists where the affected product allows unauthenticated access to audio streaming over HTTP. Honeywell equIP H4L2GR1, etc. are all IP cameras from Honeywell. Attackers can use this vulnerability for unauthorized access

Trust: 2.25

sources: NVD: CVE-2019-18230 // JVNDB: JVNDB-2019-011478 // CNVD: CNVD-2019-39763 // VULMON: CVE-2019-18230

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-39763

AFFECTED PRODUCTS

vendor:honeywellmodel:h4w4gr1scope:ltversion:1.000.hw00.21.20190812

Trust: 1.0

vendor:honeywellmodel:hcd8gscope:ltversion:2.420.hw00.9.20180510

Trust: 1.0

vendor:honeywellmodel:hbl2gr1scope:ltversion:2.420.hw01.33.20190812

Trust: 1.0

vendor:honeywellmodel:hm4l8gr1scope:ltversion:1.000.hw02.8.20190813

Trust: 1.0

vendor:honeywellmodel:hdzp304discope:ltversion:1.000.hw10.5.20190812

Trust: 1.0

vendor:honeywellmodel:hbw4gr1scope:ltversion:1.000.hw00.21.20190812

Trust: 1.0

vendor:honeywellmodel:hpw2p1scope:ltversion:1.000.hw01.3.20190820

Trust: 1.0

vendor:honeywellmodel:h4d8gr1scope:ltversion:2.420.hw00.9.20180510

Trust: 1.0

vendor:honeywellmodel:hbl6gr2scope:ltversion:1.000.hw02.8.20190813

Trust: 1.0

vendor:honeywellmodel:h4l2gr1vscope:ltversion:1.000.0000.18.20190423

Trust: 1.0

vendor:honeywellmodel:hbd8gr1scope:ltversion:2.420.hw00.9.20180510

Trust: 1.0

vendor:honeywellmodel:hcw4gscope:ltversion:1.000.hw00.21.20190812

Trust: 1.0

vendor:honeywellmodel:h4d8pr1scope:ltversion:1.000.hw01.3.20190820

Trust: 1.0

vendor:honeywellmodel:h4lggr2scope:ltversion:1.000.hw04.3.20190813

Trust: 1.0

vendor:honeywellmodel:hdz302dinscope:ltversion:1.000.0041.20180530

Trust: 1.0

vendor:honeywellmodel:hdz302dscope:ltversion:1.000.0041.20180530

Trust: 1.0

vendor:honeywellmodel:hbw2gr3vscope:ltversion:1.000.0000.18.20190409

Trust: 1.0

vendor:honeywellmodel:hfd6gr1scope:ltversion:1.000.hw00.9.20180510

Trust: 1.0

vendor:honeywellmodel:hbl2gr1vscope:ltversion:1.000.0000.18.20190423

Trust: 1.0

vendor:honeywellmodel:h4w2gr1vscope:ltversion:1.000.0000.18.20190409

Trust: 1.0

vendor:honeywellmodel:h4l6gr2scope:ltversion:1.000.hw02.8.20190813

Trust: 1.0

vendor:honeywellmodel:hbw2gr1vscope:ltversion:1.000.0000.18.20190409

Trust: 1.0

vendor:honeywellmodel:hbl6gr2scope:ltversion:1.000.hw04.3.20190813

Trust: 1.0

vendor:honeywellmodel:h3w2gr1scope:ltversion:1.000.hw00.21.20190812

Trust: 1.0

vendor:honeywellmodel:hbw2gr1scope:ltversion:1.000.hw00.21.20190812

Trust: 1.0

vendor:honeywellmodel:h4w4gr1vscope:ltversion:1.000.0000.18.20190409

Trust: 1.0

vendor:honeywellmodel:hfd8gr1scope:ltversion:1.000.hw00.9.20180510

Trust: 1.0

vendor:honeywellmodel:h3w4gr1scope:ltversion:1.000.hw00.21.20190812

Trust: 1.0

vendor:honeywellmodel:hmbl8gr1scope:ltversion:1.000.hw02.8.20190813

Trust: 1.0

vendor:honeywellmodel:hdz302descope:ltversion:1.000.0041.20180530

Trust: 1.0

vendor:honeywellmodel:hbw2gr3scope:ltversion:1.000.hw00.21.20190812

Trust: 1.0

vendor:honeywellmodel:hdz302likscope:ltversion:1.000.61.1.20180607

Trust: 1.0

vendor:honeywellmodel:hcl2gvscope:ltversion:1.000.0000.18.20190423

Trust: 1.0

vendor:honeywellmodel:hfd5pr1scope:ltversion:1.000.hw01.1.20190822

Trust: 1.0

vendor:honeywellmodel:hcw2gscope:ltversion:1.000.hw00.21.20190812

Trust: 1.0

vendor:honeywellmodel:hdzp252discope:ltversion:1.000.hw02.3.20181109

Trust: 1.0

vendor:honeywellmodel:hcl2gscope:ltversion:1.000.0000.18.20190423

Trust: 1.0

vendor:honeywellmodel:hdz302din-c1scope:ltversion:1.000.0041.20180530

Trust: 1.0

vendor:honeywellmodel:hdz302liwscope:ltversion:1.000.61.1.20180607

Trust: 1.0

vendor:honeywellmodel:hbw4gr1vscope:ltversion:1.000.0000.18.20190409

Trust: 1.0

vendor:honeywellmodel:h3w2gr1vscope:ltversion:1.000.0000.18.20190409

Trust: 1.0

vendor:honeywellmodel:hcw2gvscope:ltversion:1.000.0000.18.20190409

Trust: 1.0

vendor:honeywellmodel:h4w2gr1scope:ltversion:1.000.hw00.21.20190812

Trust: 1.0

vendor:honeywellmodel:h4w2gr2scope:ltversion:1.000.hw00.21.20190812

Trust: 1.0

vendor:honeywellmodel:hdz302din-s1scope:ltversion:1.000.0041.20180530

Trust: 1.0

vendor:honeywellmodel:h4l2gr1scope:ltversion:1.000.0000.18.20190423

Trust: 1.0

vendor:honeywellmodel:h3w4gr1vscope:ltversion:1.000.0000.18.20190409

Trust: 1.0

vendor:honeywellmodel:h2w2gr1scope:ltversion:1.000.0000.18.20190409

Trust: 1.0

vendor:honeywellmodel:h3w2gr2scope:ltversion:1.000.hw00.21.20190812

Trust: 1.0

vendor:honeywellmodel:h4d8pr1scope: - version: -

Trust: 0.8

vendor:honeywellmodel:hdz302din−s1scope: - version: -

Trust: 0.8

vendor:honeywellmodel:hdz302likscope: - version: -

Trust: 0.8

vendor:honeywellmodel:hdz302liwscope: - version: -

Trust: 0.8

vendor:honeywellmodel:hdzp252discope: - version: -

Trust: 0.8

vendor:honeywellmodel:hdzp304discope: - version: -

Trust: 0.8

vendor:honeywellmodel:hfd5pr1scope: - version: -

Trust: 0.8

vendor:honeywellmodel:hfd6gr1scope: - version: -

Trust: 0.8

vendor:honeywellmodel:hfd8gr1scope: - version: -

Trust: 0.8

vendor:honeywellmodel:hpw2p1scope: - version: -

Trust: 0.8

vendor:honeywellmodel:performance hdz302din-s1scope: - version: -

Trust: 0.6

vendor:honeywellmodel:performance hdz302likscope: - version: -

Trust: 0.6

vendor:honeywellmodel:performance hdz302liwscope: - version: -

Trust: 0.6

vendor:honeywellmodel:performance hfd6gr1scope: - version: -

Trust: 0.6

vendor:honeywellmodel:performance hfd8gr1scope: - version: -

Trust: 0.6

vendor:honeywellmodel:performance hm4l8gr1scope: - version: -

Trust: 0.6

vendor:honeywellmodel:performance hmbl8gr1scope: - version: -

Trust: 0.6

vendor:honeywellmodel:equip h3w2gr1scope: - version: -

Trust: 0.6

vendor:honeywellmodel:equip h3w2gr1vscope: - version: -

Trust: 0.6

vendor:honeywellmodel:equip h3w2gr2scope: - version: -

Trust: 0.6

vendor:honeywellmodel:equip h3w4gr1scope: - version: -

Trust: 0.6

vendor:honeywellmodel:equip h3w4gr1vscope: - version: -

Trust: 0.6

vendor:honeywellmodel:equip h4d8gr1scope: - version: -

Trust: 0.6

vendor:honeywellmodel:equip h4l2gr1vscope: - version: -

Trust: 0.6

vendor:honeywellmodel:equip h4l6gr2scope: - version: -

Trust: 0.6

vendor:honeywellmodel:equip h4lggr2scope: - version: -

Trust: 0.6

vendor:honeywellmodel:equip h4w2gr1scope: - version: -

Trust: 0.6

vendor:honeywellmodel:equip h4w2gr1vscope: - version: -

Trust: 0.6

vendor:honeywellmodel:equip h4w2gr2scope: - version: -

Trust: 0.6

vendor:honeywellmodel:equip h4w4gr1scope: - version: -

Trust: 0.6

vendor:honeywellmodel:equip h4w4gr1vscope: - version: -

Trust: 0.6

vendor:honeywellmodel:equip hbd8gr1scope: - version: -

Trust: 0.6

vendor:honeywellmodel:equip hbl2gr1scope: - version: -

Trust: 0.6

vendor:honeywellmodel:equip hbl2gr1vscope: - version: -

Trust: 0.6

vendor:honeywellmodel:equip hbl6gr2scope: - version: -

Trust: 0.6

vendor:honeywellmodel:equip hbw2gr1scope: - version: -

Trust: 0.6

vendor:honeywellmodel:equip hbw2gr1vscope: - version: -

Trust: 0.6

vendor:honeywellmodel:equip hbw2gr3scope: - version: -

Trust: 0.6

vendor:honeywellmodel:equip hbw2gr3vscope: - version: -

Trust: 0.6

vendor:honeywellmodel:h3w2gr1vscope:eqversion: -

Trust: 0.6

vendor:honeywellmodel:hfd6gr1scope:eqversion: -

Trust: 0.6

vendor:honeywellmodel:h3w2gr1scope:eqversion: -

Trust: 0.6

vendor:honeywellmodel:hdz302liwscope:eqversion: -

Trust: 0.6

vendor:honeywellmodel:hmbl8gr1scope:eqversion: -

Trust: 0.6

vendor:honeywellmodel:hm4l8gr1scope:eqversion: -

Trust: 0.6

vendor:honeywellmodel:h3w4gr1scope:eqversion: -

Trust: 0.6

vendor:honeywellmodel:h2w2gr1scope:eqversion: -

Trust: 0.6

vendor:honeywellmodel:hfd8gr1scope:eqversion: -

Trust: 0.6

vendor:honeywellmodel:h3w2gr2scope:eqversion: -

Trust: 0.6

sources: CNVD: CNVD-2019-39763 // JVNDB: JVNDB-2019-011478 // CNNVD: CNNVD-201910-1919 // NVD: CVE-2019-18230

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-18230
value: HIGH

Trust: 1.0

NVD: CVE-2019-18230
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-39763
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201910-1919
value: HIGH

Trust: 0.6

VULMON: CVE-2019-18230
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-18230
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2019-39763
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-18230
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-18230
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-39763 // VULMON: CVE-2019-18230 // JVNDB: JVNDB-2019-011478 // CNNVD: CNNVD-201910-1919 // NVD: CVE-2019-18230

PROBLEMTYPE DATA

problemtype:CWE-306

Trust: 1.8

sources: JVNDB: JVNDB-2019-011478 // NVD: CVE-2019-18230

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201910-1919

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201910-1919

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-011478

PATCH
title:Top Pageurl:https://www.honeywell.com/
Trust: 0.8
title:Patch for Honeywell equIP Series and Performance Series IP Camera Access Control Error Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/189245
Trust: 0.6
title:Honeywell equIP Series and Performance series IP Fixing measures for camera access control error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=101133
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-39763 // 
            
            
            
            JVNDB: JVNDB-2019-011478 // 
            
            
            
            CNNVD: CNNVD-201910-1919

EXTERNAL IDS
db:ICS CERTid:ICSA-19-304-03
Trust: 3.1
db:NVDid:CVE-2019-18230
Trust: 3.1
db:JVNDBid:JVNDB-2019-011478
Trust: 0.8
db:CNVDid:CNVD-2019-39763
Trust: 0.6
db:AUSCERTid:ESB-2019.4071
Trust: 0.6
db:CNNVDid:CNNVD-201910-1919
Trust: 0.6
db:VULMONid:CVE-2019-18230
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-39763 // 
            
            
            
            VULMON: CVE-2019-18230 // 
            
            
            
            JVNDB: JVNDB-2019-011478 // 
            
            
            
            CNNVD: CNNVD-201910-1919 // 
            
            
            
            NVD: CVE-2019-18230

REFERENCES
url:https://www.us-cert.gov/ics/advisories/icsa-19-304-03
Trust: 3.1
url:https://nvd.nist.gov/vuln/detail/cve-2019-18230
Trust: 2.0
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18230
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2019.4071/
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/306.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/110684
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-39763 // 
            
            
            
            VULMON: CVE-2019-18230 // 
            
            
            
            JVNDB: JVNDB-2019-011478 // 
            
            
            
            CNNVD: CNNVD-201910-1919 // 
            
            
            
            NVD: CVE-2019-18230

SOURCES
db:CNVDid:CNVD-2019-39763
db:VULMONid:CVE-2019-18230
db:JVNDBid:JVNDB-2019-011478
db:CNNVDid:CNNVD-201910-1919
db:NVDid:CVE-2019-18230

LAST UPDATE DATE
2024-11-23T22:41:19.437000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-39763date:2019-11-08T00:00:00
db:VULMONid:CVE-2019-18230date:2019-11-05T00:00:00
db:JVNDBid:JVNDB-2019-011478date:2019-11-08T00:00:00
db:CNNVDid:CNNVD-201910-1919date:2019-11-06T00:00:00
db:NVDid:CVE-2019-18230date:2024-11-21T04:32:53.170

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-39763date:2019-11-08T00:00:00
db:VULMONid:CVE-2019-18230date:2019-10-31T00:00:00
db:JVNDBid:JVNDB-2019-011478date:2019-11-08T00:00:00
db:CNNVDid:CNNVD-201910-1919date:2019-10-31T00:00:00
db:NVDid:CVE-2019-18230date:2019-10-31T22:15:11.080