CVE-2015-2848

Name of the Vulnerable Software and Affected Versions Honeywell Tuxedo Touch versions prior to 5.2.19.0 VA

Description A cross-site request forgery issue allows remote attackers to hijack the authentication of arbitrary users for requests associated with home-automation commands. This can be demonstrated by a door-unlock command.

Recommendations For versions prior to 5.2.19.0 VA, update to version 5.2.19.0 VA or later to resolve the issue. As a temporary workaround, consider restricting access to home-automation commands to minimize the risk of exploitation.