CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2015-2848

Cross-site request forgery (CSRF) vulnerability in Honeywell Tuxedo Touch before 5.2.19.0_VA allows remote attackers to hijack the authentication of arbitrary users for requests associated with home-automation commands, as demonstrated by a door-unlock command.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 29.2%

CVSS Severity

CVSS v2 Score 6.8

References

http://www.kb.cert.org/vuls/id/857948
http://www.kb.cert.org/vuls/id/857948

Products affected by CVE-2015-2848

Honeywell » Tuxedo Touch » Version: Any

cpe:2.3:o:honeywell:tuxedo_touch:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2015-2848

Products

Pricing

Contact Us