ICSA-20-021-01
·
Published 2020-01-21
·
View on CISA ICS-CERT ↗
ICSA-20-021-01_Honeywell Maxpro VMS & NVR
CVSS 9.8
CRITICAL
CVEs (2)
Remediations
- Honeywell recommends users update VMS 560 Build 595 T2-Patch for affected VMS systems, and NVR 5.6 Build 595 T2-Patch for affected NVR systems. The updates can be found at the Honeywell's MyWebTech site via a user account. Additionally, Honeywell recommends that users:
- Update MAXPRO VMS and NVR to latest R560 and 5.6 before applying this patch.
- Update software patch as recommended in Honeywell security notification (SN 2019-10-25 01).
- As a best practice, Honeywell recommends users isolate their systems from the Internet or create additional layers of defense by placing the affected hardware behind a firewall or into a DMZ; and if remote connections to the network are required, consider using a VPN or other means to ensure secure remote connections into the network where the device is located.
Affected Vendors
Honeywell
Affected Products (6)
Honeywell
·
MAXPRO NVR SE
< NVR 5.6 Build 595 T2-Patch
Honeywell
·
MAXPRO NVR XE
< NVR 5.6 Build 595 T2-Patch
Honeywell
·
HNMSWVMS
< VMS560 Build 595 T2-Patch
Honeywell
·
MAXPRO NVR PE
< NVR 5.6 Build 595 T2-Patch
Honeywell
·
MPNVRSWXX
< NVR 5.6 Build 595 T2-Patch
Honeywell
·
HNMSWVMSLT
< VMS560 Build 595 T2-Patch
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more