Honeywell released new firmware to mitigate an authentication bypass by capture-replay vulnerability in its equIP series and Performance series IP cameras and recorders, according to a report from CISA.
Successful exploitation of this remotely exploitable vulnerability, which Honeywell self-reported, could result in unauthenticated access. The vulnerability affects equIP series and Performance series IP cameras and recorders; the full list is in Honeywell Security Notification SN 2019-09-13 02.
The affected IP cameras and recorders are potentially vulnerable to a replay attack because a weak authentication method is retained for compatibility with legacy products.
CVE-2019-18226 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.5.
The products see use in the commercial facilities, critical manufacturing, energy, and healthcare and public health sectors, and they are deployed on a global basis.
No known public exploits specifically target this vulnerability. A high skill level is needed to exploit it.
Honeywell released firmware update packages for all affected products.
Honeywell recommends users with potentially affected products take the following steps to protect themselves:
• Update firmware of vulnerable devices per this security notification
• Isolate their system from the Internet, or add layers of defense between the system and the Internet by placing the affected hardware behind a firewall or in a DMZ
• If remote connections to the network are required, consider using a VPN or other means to ensure secure remote connections into the network where the device is located