PT-2022-10901 · Honeywell · Honeywell Hdzp252Di+1

Published

2022-02-24

Updated

2022-03-09

CVE-2021-39364

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Honeywell HDZP252DI version 1.00.HW02.4 Honeywell HBW2PER1 version 1.000.HW01.3

Description The issue allows command spoofing for camera control after ARP cache poisoning has been achieved. This can potentially lead to unauthorized control of the camera.

Recommendations For Honeywell HDZP252DI version 1.00.HW02.4, consider implementing security measures to prevent ARP cache poisoning. For Honeywell HBW2PER1 version 1.000.HW01.3, consider implementing security measures to prevent ARP cache poisoning. As a temporary workaround, consider restricting access to the camera control functionality until a patch is available.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-294

Related Identifiers

CVE-2021-39364

Affected Products

Honeywell Hbw2Per1

Honeywell Hdzp252Di

PT-2022-10901 · Honeywell · Honeywell Hdzp252Di+1

CVE-2021-39364

Weakness Enumeration

Related Identifiers

Affected Products

References · 9