← Back to home
ICSA-20-051-03  ·  Published 2020-02-20  ·  View on CISA ICS-CERT ↗

Honeywell NOTI-FIRE-NET Web Server (NWS-3)

CVSS 9.4 CRITICAL

Risk Summary

Successful exploitation of these vulnerabilities could result in an attacker bypassing web server authentication methods.

CVEs (2)

Remediations

  • Honeywell has released a firmware update package (login required) for all affected products listed above.
  • For additional details please see Honeywell Security Notification SN 2020-02-04 01
  • Update NWS-3 firmware per the security notification.
  • Isolate system from the Internet or create additional layers of defense by placing the affected hardware behind a firewall or into a DMZ.
  • If remote connections to the network are required, consider using a VPN or other means to ensure secure remote connections into the network where the device is located.
  • Always use strong passwords on installations to prevent unauthorized access

Affected Vendors

Honeywell

Affected Products (1)

Honeywell · NOTI-FIRE-NET Web Server (NWS-3) <= 3.50

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more