Vulnerability Details CVE-2021-39364
Honeywell HDZP252DI 1.00.HW02.4 and HBW2PER1 1.000.HW01.3 devices allow command spoofing (for camera control) after ARP cache poisoning has been achieved.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 46.2%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://buildings.honeywell.com/content/dam/hbtbt/en/documents/downloads/Security_Notification_SN_2022-01-26-02_CVE-2021-39364_Video_Replay_HBW2PER1.pdf
- https://buildings.honeywell.com/us/en/brands/our-brands/security/support-and-resources/product-resources/eol-and-security-notices
- https://www.honeywell.com/us/en/product-security
- https://buildings.honeywell.com/content/dam/hbtbt/en/documents/downloads/Security_Notification_SN_2022-01-26-02_CVE-2021-39364_Video_Replay_HBW2PER1.pdf
- https://buildings.honeywell.com/us/en/brands/our-brands/security/support-and-resources/product-resources/eol-and-security-notices
- https://www.honeywell.com/us/en/product-security
Products affected by CVE-2021-39364
-
cpe:2.3:h:honeywell:hbw2per1:-
-
cpe:2.3:h:honeywell:hdzp252di:-
-
cpe:2.3:o:honeywell:hbw2per1_firmware:1.000.hw01.3
-
cpe:2.3:o:honeywell:hdzp252di_firmware:1.00.hw02.4