Vulnerability Details CVE-2019-13523
In Honeywell Performance IP Cameras and Performance NVRs, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data in JSON format for IP cameras and NVRs (Network Video Recorders), which can be accessed without authentication over the network. Affected performance IP Cameras: HBD3PR2,H4D3PRV3,HED3PR3,H4D3PRV2,HBD3PR1,H4W8PR2,HBW8PR2,H2W2PC1M,H2W4PER3,H2W2PER3,HEW2PER3,HEW4PER3B,HBW2PER1,HEW4PER2,HEW4PER2B,HEW2PER2,H4W2PER2,HBW2PER2,H4W2PER3, and HPW2P1. Affected Performance Series NVRs: HEN08104,HEN08144,HEN081124,HEN16104,HEN16144,HEN16184,HEN16204,HEN162244,HEN16284,HEN16304,HEN16384,HEN32104,HEN321124,HEN32204,HEN32284,HEN322164,HEN32304, HEN32384,HEN323164,HEN64204,HEN64304,HEN643164,HEN643324,HEN643484,HEN04103,HEN04113,HEN04123,HEN08103,HEN08113,HEN08123,HEN08143,HEN16103,HEN16123,HEN16143,HEN16163,HEN04103L,HEN08103L,HEN16103L,HEN32103L.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 42.7%
CVSS Severity
CVSS v3 Score 5.3
CVSS v2 Score 5.0
References
Products affected by CVE-2019-13523
-
cpe:2.3:h:honeywell:h2w2pc1m:-
-
cpe:2.3:h:honeywell:h2w2per3:-
-
cpe:2.3:h:honeywell:h2w4per3:-
-
cpe:2.3:h:honeywell:h4d3prv2:-
-
cpe:2.3:h:honeywell:h4d3prv3:-
-
cpe:2.3:h:honeywell:h4w2per2:-
-
cpe:2.3:h:honeywell:h4w2per3:-
-
cpe:2.3:h:honeywell:h4w8pr2:-
-
cpe:2.3:h:honeywell:hbd3pr1:-
-
cpe:2.3:h:honeywell:hbd3pr2:-
-
cpe:2.3:h:honeywell:hbw2per1:-
-
cpe:2.3:h:honeywell:hbw2per2:-
-
cpe:2.3:h:honeywell:hbw8pr2:-
-
cpe:2.3:h:honeywell:hed3pr3:-
-
cpe:2.3:h:honeywell:hen04103:-
-
cpe:2.3:h:honeywell:hen04103l:-
-
cpe:2.3:h:honeywell:hen04113:-
-
cpe:2.3:h:honeywell:hen04123:-
-
cpe:2.3:h:honeywell:hen08103:-
-
cpe:2.3:h:honeywell:hen08103l:-
-
cpe:2.3:h:honeywell:hen08104:-
-
cpe:2.3:h:honeywell:hen081124:-
-
cpe:2.3:h:honeywell:hen08113:-
-
cpe:2.3:h:honeywell:hen08123:-
-
cpe:2.3:h:honeywell:hen08143:-
-
cpe:2.3:h:honeywell:hen08144:-
-
cpe:2.3:h:honeywell:hen16103:-
-
cpe:2.3:h:honeywell:hen16103l:-
-
cpe:2.3:h:honeywell:hen16104:-
-
cpe:2.3:h:honeywell:hen16123:-
-
cpe:2.3:h:honeywell:hen16143:-
-
cpe:2.3:h:honeywell:hen16144:-
-
cpe:2.3:h:honeywell:hen16163:-
-
cpe:2.3:h:honeywell:hen16184:-
-
cpe:2.3:h:honeywell:hen16204:-
-
cpe:2.3:h:honeywell:hen162244:-
-
cpe:2.3:h:honeywell:hen16284:-
-
cpe:2.3:h:honeywell:hen16304:-
-
cpe:2.3:h:honeywell:hen16384:-
-
cpe:2.3:h:honeywell:hen32103l:-
-
cpe:2.3:h:honeywell:hen32104:-
-
cpe:2.3:h:honeywell:hen321124:-
-
cpe:2.3:h:honeywell:hen32204:-
-
cpe:2.3:h:honeywell:hen322164:-
-
cpe:2.3:h:honeywell:hen32284:-
-
cpe:2.3:h:honeywell:hen32304:-
-
cpe:2.3:h:honeywell:hen323164:-
-
cpe:2.3:h:honeywell:hen32384:-
-
cpe:2.3:h:honeywell:hen64204:-
-
cpe:2.3:h:honeywell:hen64304:-
-
cpe:2.3:h:honeywell:hen643164:-
-
cpe:2.3:h:honeywell:hen643324:-
-
cpe:2.3:h:honeywell:hen643484:-
-
cpe:2.3:h:honeywell:hew2per2:-
-
cpe:2.3:h:honeywell:hew2per3:-
-
cpe:2.3:h:honeywell:hew4per2:-
-
cpe:2.3:h:honeywell:hew4per2b:-
-
cpe:2.3:h:honeywell:hew4per3b:-
-
cpe:2.3:h:honeywell:hpw2p1:-
-
cpe:2.3:o:honeywell:h2w2pc1m_firmware:-
-
cpe:2.3:o:honeywell:h2w2per3_firmware:-
-
cpe:2.3:o:honeywell:h2w4per3_firmware:-
-
cpe:2.3:o:honeywell:h4d3prv2_firmware:-
-
cpe:2.3:o:honeywell:h4d3prv3_firmware:-
-
cpe:2.3:o:honeywell:h4w2per2_firmware:-
-
cpe:2.3:o:honeywell:h4w2per3_firmware:-
-
cpe:2.3:o:honeywell:h4w8pr2_firmware:-
-
cpe:2.3:o:honeywell:hbd3pr1_firmware:-
-
cpe:2.3:o:honeywell:hbd3pr2_firmware:-
-
cpe:2.3:o:honeywell:hbw2per1_firmware:-
-
cpe:2.3:o:honeywell:hbw2per2_firmware:-
-
cpe:2.3:o:honeywell:hbw8pr2_firmware:-
-
cpe:2.3:o:honeywell:hed3pr3_firmware:-
-
cpe:2.3:o:honeywell:hen04103_firmware:-
-
cpe:2.3:o:honeywell:hen04103l_firmware:-
-
cpe:2.3:o:honeywell:hen04113_firmware:-
-
cpe:2.3:o:honeywell:hen04123_firmware:-
-
cpe:2.3:o:honeywell:hen08103_firmware:-
-
cpe:2.3:o:honeywell:hen08103l_firmware:-
-
cpe:2.3:o:honeywell:hen08104_firmware:-
-
cpe:2.3:o:honeywell:hen081124_firmware:-
-
cpe:2.3:o:honeywell:hen08113_firmware:-
-
cpe:2.3:o:honeywell:hen08123_firmware:-
-
cpe:2.3:o:honeywell:hen08143_firmware:-
-
cpe:2.3:o:honeywell:hen08144_firmware:-
-
cpe:2.3:o:honeywell:hen16103_firmware:-
-
cpe:2.3:o:honeywell:hen16103l_firmware:-
-
cpe:2.3:o:honeywell:hen16104_firmware:-
-
cpe:2.3:o:honeywell:hen16123_firmware:-
-
cpe:2.3:o:honeywell:hen16143_firmware:-
-
cpe:2.3:o:honeywell:hen16144_firmware:-
-
cpe:2.3:o:honeywell:hen16163_firmware:-
-
cpe:2.3:o:honeywell:hen16184_firmware:-
-
cpe:2.3:o:honeywell:hen16204_firmware:-
-
cpe:2.3:o:honeywell:hen162244_firmware:-
-
cpe:2.3:o:honeywell:hen16284_firmware:-
-
cpe:2.3:o:honeywell:hen16304_firmware:-
-
cpe:2.3:o:honeywell:hen16384_firmware:-
-
cpe:2.3:o:honeywell:hen32103l_firmware:-
-
cpe:2.3:o:honeywell:hen32104_firmware:-
-
cpe:2.3:o:honeywell:hen321124_firmware:-
-
cpe:2.3:o:honeywell:hen32204_firmware:-
-
cpe:2.3:o:honeywell:hen322164_firmware:-
-
cpe:2.3:o:honeywell:hen32284_firmware:-
-
cpe:2.3:o:honeywell:hen32304_firmware:-
-
cpe:2.3:o:honeywell:hen323164_firmware:-
-
cpe:2.3:o:honeywell:hen32384_firmware:-
-
cpe:2.3:o:honeywell:hen64204_firmware:-
-
cpe:2.3:o:honeywell:hen64304_firmware:-
-
cpe:2.3:o:honeywell:hen643164_firmware:-
-
cpe:2.3:o:honeywell:hen643324_firmware:-
-
cpe:2.3:o:honeywell:hen643484_firmware:-
-
cpe:2.3:o:honeywell:hew2per2_firmware:-
-
cpe:2.3:o:honeywell:hew2per3_firmware:-
-
cpe:2.3:o:honeywell:hew4per2_firmware:-
-
cpe:2.3:o:honeywell:hew4per2b_firmware:-
-
cpe:2.3:o:honeywell:hew4per3b_firmware:-
-
cpe:2.3:o:honeywell:hpw2p1_firmware:-