Security News > 2020 > January > Serious Vulnerabilities Expose Honeywell Surveillance Systems to Attacks

Serious Vulnerabilities Expose Honeywell Surveillance Systems to Attacks
2020-01-23 12:14

Some of Honeywell's MAXPRO video surveillance systems are affected by serious vulnerabilities that can be exploited by hackers to take complete control of the system, a researcher has discovered.

Researcher Joachim Kerschbaumer told SecurityWeek that he reported his findings to Honeywell in September 2019 and the vendor released patches after roughly 2 months, which he says is a fast response time compared to other physical security systems manufacturers he has contacted to report flaws.

Honeywell has shared information about the vulnerabilities in its SN 2019-10-25 01 security notice.

The CVSS score assigned by CISA to the vulnerabilities puts them in the critical severity category, but Honeywell's advisory rates them as high severity - CISA says attack complexity in the CVSS score calculation is low, while Honeywell says it's high.

Kerschbaumer said these vulnerabilities were identified as part of a larger research project into video management systems and access control systems.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/P5LHpHkhDDw/serious-vulnerabilities-expose-honeywell-surveillance-systems-attacks

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Honeywell 189 1 15 38 23 77