Security News > 2020 > January > Serious Vulnerabilities Expose Honeywell Surveillance Systems to Attacks
Some of Honeywell's MAXPRO video surveillance systems are affected by serious vulnerabilities that can be exploited by hackers to take complete control of the system, a researcher has discovered.
Researcher Joachim Kerschbaumer told SecurityWeek that he reported his findings to Honeywell in September 2019 and the vendor released patches after roughly 2 months, which he says is a fast response time compared to other physical security systems manufacturers he has contacted to report flaws.
Honeywell has shared information about the vulnerabilities in its SN 2019-10-25 01 security notice.
The CVSS score assigned by CISA to the vulnerabilities puts them in the critical severity category, but Honeywell's advisory rates them as high severity - CISA says attack complexity in the CVSS score calculation is low, while Honeywell says it's high.
Kerschbaumer said these vulnerabilities were identified as part of a larger research project into video management systems and access control systems.