Risk Summary
Successful exploitation of this vulnerability could allow an attacker to download configuration files directly through a URL without authentication, exposing configuration and authorized visitor information.
CVEs (1)
Remediations
- Honeywell released new firmware Version 1.04.15 and recommends affected users contact Honeywell customer support to resolve the issue.
- Upgrade the firmware of vulnerable instruments with help from Honeywell after-sales support.
- Allow only trusted persons physical access to the target system, including devices that connect to the system through the Ethernet port.
- If possible, isolate the target system from the Internet, or add layers of defense between it and the Internet by placing the affected hardware behind a firewall or in a DMZ.
- If remote connections to the network are required, consider using a VPN or other means to ensure secure remote connections into the network where the device is located.
- For additional information, refer to the Honeywell Product Security Bulletin 2018-HBT.
Affected Vendors
Honeywell
Affected Products (1)
- Honeywell IP-AK2 Access Control Panel, versions <= 1.04.07
Affected Sectors
Commercial Facilities, Critical Manufacturing, Energy, Healthcare and Public Health