PT-2020-14750 · Honeywell · Command Centre
Published: 2020-09-15 · Updated: 2021-11-18 · CVE-2020-16098
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Command Centre versions prior to 8.20.1166(MR3)
Command Centre versions 8.10 prior to 8.10.1211(MR5)
Command Centre versions 8.00 prior to 8.00.1228(MR6)
Command Centre versions 7.90 and earlier
Description
It is possible to enumerate access card credentials via an unauthenticated network connection to the server. These credentials can then be used to encode low-security cards for use with the system where insecure card technologies are supported.
Recommendations
For versions prior to 8.20.1166(MR3), update to version 8.20.1166(MR3) or later.
For versions 8.10 prior to 8.10.1211(MR5), update to version 8.10.1211(MR5) or later.
For versions 8.00 prior to 8.00.1228(MR6), update to version 8.00.1228(MR6) or later.
For versions 7.90 and earlier, update to a version later than 7.90.
Fix
Improper Authentication
Missing Authentication
Related Identifiers
Affected Products
Command Centre