Honeywell: >> Tuxedo Touch Security Vulnerabilities
Cross-site request forgery (CSRF) vulnerability in Honeywell Tuxedo Touch before 5.2.19.0_VA allows remote attackers to hijack the authentication of arbitrary users for requests associated with home-automation commands, as demonstrated by a door-unlock command.
CVSS Score
6.8
EPSS Score
0.001
Published
2015-07-26
Honeywell Tuxedo Touch before 5.2.19.0_VA relies on client-side authentication involving JavaScript, which allows remote attackers to bypass intended access restrictions by removing USERACCT requests from the client-server data stream.
CVSS Score
5.0
EPSS Score
0.003
Published
2015-07-26