cvelist/2019/18xxx/CVE-2019-18226.json

{
    "data_type": "CVE",
    "data_format": "MITRE",
    "data_version": "4.0",
    "CVE_data_meta": {
        "ID": "CVE-2019-18226",
        "ASSIGNER": "ics-cert@hq.dhs.gov",
        "STATE": "PUBLIC"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "vendor_name": "n/a",
                    "product": {
                        "product_data": [
                            {
                                "product_name": "Honeywell equIP series cameras, Honeywell Performance series IP cameras, Honeywell recorders",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_value": "H2W2GR1 1.000.0000.19.20190819, H3W2GR1 1.000.HW00.21.20190812, H3W2GR1V 1.000.0000.19.20190819, H3W2GR2 1.000.HW00.21.20190812, H3W4GR1 1.000.HW00.21.20190812, H3W4GR1V 1.000.0000.19.20190819, H4D8GR1 2.420.HW00.12.20190819, H4L2GR1 2.420.HW01.33.20190812, H4L2GR1V 1.000.0000.19.20190819, H4L6GR2 1.000.HW02.8.20190813, H4W2GR1 1.000.HW00.21.20190812, H4W2GR1V 1.000.0000.19.20190819, H4W2GR2 1.000.HW00.21.20190812, H4W4GR1 1.000.HW00.21.20190812, H4W4GR1V 1.000.0000.19.20190819, HBD8GR1 2.420.HW00.12.20190819, HBL2GR1 2.420.HW01.33.20190812, HBL2GR1V 1.000.0000.19.20190819, HBL6GR2 1.000.HW02.8.20190813, HBW2GR1 1.000.HW00.21.20190812, HBW2GR1V 1.000.0000.19.20190819, HBW2GR3 1.000.HW00.21.20190812, HBW2GR3V 1.000.0000.19.20190819, HBW4GR1 1.000.HW00.21.20190812, HBW4GR1V 1.000.0000.19.20190819, HCD8G 2.420.HW00.12.20190819, HCL2G 2.420.HW01.33.20190812, HCL2GV 1.000.0000.19.20190819, HCPB302 1.000.0040.3.20190820, HCW2G 1.000.HW00.21.20190812, HCW2GV 1.000.0000.19.20190819, HCW4G 1.000.HW00.21.20190812, HDZ302D 1.000.0043.6.20190820, HDZ302DE 1.000.0043.6.20190820, HDZ302DIN 1.000.0043.6.20190820, HDZ302DIN-C1 1.000.0043.6.20190820, HDZ302DIN-S1 1.000.0043.6.20190820, HDZ302LIK 1.000.0062.3.20190816, HDZ302LIW 1.000.0062.3.20190816, HEPB302W01A04 1.000.0040.3.20190820, HEPB302W01A10 1.000.0040.3.20190820, HEPZ302W0 1.000.0039.3.20190820, HFD6GR1 1.000.HW00.12.20190819, HFD8GR1 1.000.HW00.12.20190819, HM4L8GR1 1.000.HW02.8.20190813, HMBL8GR1 1.000.HW02.8.20190813, HSW2G1 2.460.HW00.5.R.20190827, HSW2G1 2.460.HW00.5.R.20190827, HSWB2G1 2.460.HW00.5.R.20190827, HSWB2G1 2.460.HW00.5.R.20190827"
                                        },
                                        {
                                            "version_value": "H2W2PC1M 1.000.HW01.3.20190820, H2W2PER3 1.000.HW01.3.20190820, H2W2PRV3 1.000.HW01.1.190813, H2W4PER3 1.000.HW01.3.20190820, H2W4PRV3 1.000.HW01.1.190813, H4D3PRV2 1.000.HW01.1.190814, H4D3PRV3 1.000.HW01.1.190814, H4D8PR1 1.000.HW01.3.20190820, H4W2PER2 1.000.HW01.3.20190820, H4W2PER3 1.000.HW01.3.20190820, H4W2PRV2 1.000.HW01.1.190814, H4W4PER2 1.000.HW01.3.20190820, H4W4PER3 1.000.HW01.3.20190820, H4W4PRV2 1.000.HW01.1.190814, H4W4PRV3 1.000.HW01.1.190813, H4W8PR2 1.000.HW01.3.20190820, HBD2PER1 1.000.HW01.3.20190820, HBD3PR1 1.000.HW01.1.190814, HBD3PR2 1.000.HW01.1.190814, HBD8PR1 1.000.HW01.3.20190820, HBW2PER1 1.000.HW01.3.20190820, HBW2PER2 1.000.HW01.3.20190820, HBW2PR1 1.000.HW01.1.190813, HBW2PR2 1.000.HW01.1.190814, HBW4PER1 1.000.HW01.3.20190820, HBW4PER2 1.000.HW01.3.20190820, HBW4PR1 1.000.HW01.1.190813, HBW4PR2 1.000.HW01.1.190814, HBW8PR2 1.000.HW01.3.20190820, HDZP252DI 1.000.HW02.4.20190813, HDZP304DI 1.000.HW10.5.20190812, HED2PER3 1.000.HW01.3.20190820, HED3PR3 1.000.HW01.1.190814, HED8PR1 1.000.HW01.3.20190820, HEW2PER2 1.000.HW01.3.20190820, HEW2PER3 1.000.HW01.3.20190820, HEW2PR1 1.000.HW01.1.190813, HEW2PR2 1.000.HW01.1.190814, HEW2PRW1 1.000.HW01.1.190813, HEW4PER2 1.000.HW01.3.20190820, HEW4PER2B 1.000.HW01.3.20190820, HEW4PER3 1.000.HW01.3.20190820, HEW4PER3B 1.000.HW01.3.20190820, HEW4PR2 1.000.HW01.1.190814, HEW4PR3 1.000.HW01.1.190813, HEW4PRW3 1.000.HW01.1.190813, HFD5PR1 1.000.HW01.1.20190822, HPW2P1 1.000.HW01.3.20190820"
                                        },
                                        {
                                            "version_value": "HEN04102 2.000.HW00.0.R.20190823, HEN04112 2.000.HW00.0.R.20190823, HEN04122 2.000.HW00.0.R.20190823, HEN08102 2.000.HW00.0.R.20190823, HEN08112 2.000.HW00.0.R.20190823, HEN08122 2.000.HW00.0.R.20190823, HEN08142 2.000.HW00.0.R.20190823, HEN08162 2.000.HW00.0.R.20190823, HEN16102 2.000.HW00.0.R.20190823, HEN16122 2.000.HW00.0.R.20190823, HEN16142 2.000.HW00.0.R.20190823, HEN16162 2.000.HW00.0.R.20190823, HEN04103 3.215.00HW001.2.20190821, HEN04113 3.215.00HW001.2.20190821, HEN04123 3.215.00HW001.2.20190821, HEN08103 3.215.00HW001.2.20190821, HEN08113 3.215.00HW001.2.20190821, HEN08123 3.215.00HW001.2.20190821, HEN08143 3.215.00HW001.2.20190821, HEN16103 3.215.00HW001.2.20190821, HEN16123 3.215.00HW001.2.20190821, HEN16143 3.215.00HW001.2.20190821, HEN16163 3.215.00HW001.2.20190821, HEN04103L 3.215.00HW001.2.20190821, HEN08103L 3.215.00HW001.2.20190821, HEN16103L 3.215.00HW001.2.20190821, HEN32103L 3.215.00HW001.2.20190821, HEN08104 3.215.00HW002.2.20190829, HEN08144 3.215.00HW002.2.20190829, HEN081124 3.215.00HW002.2.20190829, HEN16104 3.215.00HW002.2.20190829, HEN16144 3.215.00HW002.2.20190829, HEN16184 3.215.00HW002.2.20190829, HEN32104 3.215.00HW002.2.20190829, HEN321124 3.215.00HW002.2.20190829, HEN16204 3.215.00HW002.2.20190829, HEN16284 3.215.00HW002.2.20190829, HEN162244 3.215.00HW002.2.20190829, HEN32204 3.215.00HW002.2.20190829, HEN32284 3.215.00HW002.2.20190829, HEN322164 3.215.00HW002.2.20190829, HEN64204 3.215.00HW002.2.20190829, HEN642164 3.215.00HW002.2.20190829, HEN16304 3.215.00HW002.2.20190829, HEN16384 3.215.00HW002.2.20190829, HEN32304 3.215.00HW002.2.20190829, HEN32384 3.215.00HW002.2.20190829, HEN323164 3.215.00HW002.2.20190829, HEN64304 3.215.00HW002.2.20190829, HEN643164 3.215.00HW002.2.20190829, HEN643324 3.215.00HW002.2.20190829, HEN643484 3.215.00HW002.2.20190829, HRHT4040 1.000.00HW001.2.190822, HRHT4041 1.000.00HW001.2.190822, HRHT4042 1.000.00HW001.2.190822, HRHT4080 1.000.00HW001.2.190822, HRHT4082 1.000.00HW001.2.190822, HRHT4084 1.000.00HW001.2.190822, HRHT4160 1.000.00HW001.2.190822, HRHT4162 1.000.00HW001.2.190822, HRHT4164 1.000.00HW001.2.190822, HRHT4166 1.000.00HW001.2.190822, HRHT41612 1.000.00HW001.2.190822, HRHQ1040 1.000.00HW001.1.190822, HRHQ1040L 1.000.00HW001.1.190822, HRHQ1041 1.000.00HW001.1.190822, HRHQ1080 1.000.00HW001.1.190822, HRHQ1080L 1.000.00HW001.1.190822, HRHQ1081 1.000.00HW001.1.190822, HRHQ1082 1.000.00HW001.1.190822, HRHQ1160 1.000.00HW001.1.190822, HRHQ1161 1.000.00HW001.1.190822, HRHQ1162 1.000.00HW001.1.190822, HRHQ1164 1.000.00HW001.1.190822"
                                        }
                                    ]
                                }
                            }
                        ]
                    }
                }
            ]
        }
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "AUTHENTICATION BYPASS BY CAPTURE-REPLAY CWE-294"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "refsource": "MISC",
                "name": "https://www.us-cert.gov/ics/advisories/icsa-19-304-04",
                "url": "https://www.us-cert.gov/ics/advisories/icsa-19-304-04"
            }
        ]
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "Honeywell equIP series and Performance series IP cameras and recorders, A vulnerability exists in the affected products where IP cameras and recorders have a potential replay attack vulnerability as a weak authentication method is retained for compatibility with legacy products."
            }
        ]
    }
}