← Back to home

ICSA-19-260-03 · Published 2019-09-17 · View on CISA ICS-CERT ↗

Honeywell Performance IP Cameras and Performance NVRs

CVSS 5.3 MEDIUM

Risk Summary

Successful exploitation of this vulnerability could allow an attacker to view device configuration information.

CVEs (1)

CVE-2019-13523

Remediations

Honeywell has released firmware update packages for all affected products. The updates can be obtained with a customer account at the following location (login required):
Update firmware of vulnerable devices according to affected devices outlined in this advisory.
Isolate affected systems from the Internet or create additional layers of defense between affected systems and the Internet by placing the affected hardware behind a firewall or into a DMZ.
If remote connections to the network are required, consider using a VPN or other means to ensure secure remote connections into the network where the device is located.
More information on this issue can be found in Honeywell security notification SN 2019-04-30 01 at the following location on the Honeywell site:

Affected Vendors

Honeywell

Affected Products (59)

Honeywell · Performance IP Series cameras HEW4PER2B

Honeywell · Performance Series NVRs HEN32204

Honeywell · Performance IP Series cameras H4W2PER2

Honeywell · Performance IP Series cameras H2W2PC1M

Honeywell · Performance Series NVRs HEN321124

Honeywell · Performance IP Series cameras HBW2PER2

Honeywell · Performance Series NVRs HEN643164

Honeywell · Performance Series NVRs HEN04113

Honeywell · Performance Series NVRs HEN64304

Honeywell · Performance IP Series cameras HBW2PER1

Honeywell · Performance IP Series cameras H4W2PER3

Honeywell · Performance Series NVRs HEN08144

Honeywell · Performance IP Series cameras HED3PR3

Honeywell · Performance Series NVRs HEN16384

Honeywell · Performance Series NVRs HEN32104

Honeywell · Performance Series NVRs HEN32284

Honeywell · Performance Series NVRs HEN04103L

Honeywell · Performance Series NVRs HEN16304

Honeywell · Performance IP Series cameras H4D3PRV3

Honeywell · Performance Series NVRs HEN16284

Honeywell · Performance Series NVRs HEN643484

Honeywell · Performance Series NVRs HEN64204

Honeywell · Performance Series NVRs HEN08103

Honeywell · Performance Series NVRs HEN643324

Honeywell · Performance Series NVRs HEN32103L

Honeywell · Performance Series NVRs HEN32384

Honeywell · Performance IP Series cameras HEW4PER2

Honeywell · Performance Series NVRs HEN16143

Honeywell · Performance Series NVRs HEN162244

Honeywell · Performance IP Series cameras HEW2PER3

Honeywell · Performance IP Series cameras H4W8PR2

Honeywell · Performance Series NVRs HEN16144

Honeywell · Performance Series NVRs HEN16204

Honeywell · Performance Series NVRs HEN04123

Honeywell · Performance IP Series cameras HBD3PR1

Honeywell · Performance IP Series cameras HBD3PR2

Honeywell · Performance IP Series cameras H2W4PER3

Honeywell · Performance IP Series cameras HEW4PER3B

Honeywell · Performance IP Series cameras H4D3PRV2

Honeywell · Performance Series NVRs HEN323164

Honeywell · Performance Series NVRs HEN322164

Honeywell · Performance IP Series cameras H2W2PER3

Honeywell · Performance IP Series cameras HPW2P1

Honeywell · Performance Series NVRs HEN16123

Honeywell · Performance Series NVRs HEN08113

Honeywell · Performance Series NVRs HEN16103L

Honeywell · Performance Series NVRs HEN16103

Honeywell · Performance Series NVRs HEN16184

Honeywell · Performance Series NVRs HEN081124

Honeywell · Performance IP Series cameras HBW8PR2

Honeywell · Performance Series NVRs HEN32304

Honeywell · Performance Series NVRs HEN16163

Honeywell · Performance Series NVRs HEN04103

Honeywell · Performance Series NVRs HEN08103L

Honeywell · Performance Series NVRs HEN08123

Honeywell · Performance Series NVRs HEN08104

Honeywell · Performance Series NVRs HEN08143

Honeywell · Performance IP Series cameras HEW2PER2

Honeywell · Performance Series NVRs HEN16104

Affected Sectors

Commercial Facilities, Critical Manufacturing, Energy, Healthcare and Public Health

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more