CVE-2019-18230 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
icscert	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 48%

Vendor	Product	Version
honeywell	h4d8pr1_firmware	𝑥 < 1.000.hw01.3.20190820
honeywell	hfd5pr1_firmware	𝑥 < 1.000.hw01.1.20190822
honeywell	hpw2p1_firmware	𝑥 < 1.000.hw01.3.20190820
honeywell	hdzp304di_firmware	𝑥 < 1.000.hw10.5.20190812
honeywell	hdzp252di_firmware	𝑥 < 1.000.hw02.3.20181109
honeywell	hdz302din-s1_firmware	𝑥 < 1.000.0041.20180530
honeywell	hdz302lik_firmware	𝑥 < 1.000.61.1.20180607
honeywell	hdz302liw_firmware	𝑥 < 1.000.61.1.20180607
honeywell	hfd6gr1_firmware	𝑥 < 1.000.hw00.9.20180510
honeywell	hfd8gr1_firmware	𝑥 < 1.000.hw00.9.20180510
honeywell	hm4l8gr1_firmware	𝑥 < 1.000.hw02.8.20190813
honeywell	hmbl8gr1_firmware	𝑥 < 1.000.hw02.8.20190813
honeywell	h2w2gr1_firmware	𝑥 < 1.000.0000.18.20190409
honeywell	h3w2gr1_firmware	𝑥 < 1.000.hw00.21.20190812
honeywell	h3w2gr1v_firmware	𝑥 < 1.000.0000.18.20190409
honeywell	h3w2gr2_firmware	𝑥 < 1.000.hw00.21.20190812
honeywell	h3w4gr1_firmware	𝑥 < 1.000.hw00.21.20190812
honeywell	h3w4gr1v_firmware	𝑥 < 1.000.0000.18.20190409
honeywell	h4d8gr1_firmware	𝑥 < 2.420.hw00.9.20180510
honeywell	h4l2gr1_firmware	𝑥 < 1.000.0000.18.20190423
honeywell	h4l2gr1v_firmware	𝑥 < 1.000.0000.18.20190423
honeywell	h4l6gr2_firmware	𝑥 < 1.000.hw02.8.20190813
honeywell	h4lggr2_firmware	𝑥 < 1.000.hw04.3.20190813
honeywell	h4w2gr1_firmware	𝑥 < 1.000.hw00.21.20190812
honeywell	h4w2gr1v_firmware	𝑥 < 1.000.0000.18.20190409
honeywell	h4w2gr2_firmware	𝑥 < 1.000.hw00.21.20190812
honeywell	h4w4gr1_firmware	𝑥 < 1.000.hw00.21.20190812
honeywell	h4w4gr1v_firmware	𝑥 < 1.000.0000.18.20190409
honeywell	hbd8gr1_firmware	𝑥 < 2.420.hw00.9.20180510
honeywell	hbl2gr1_firmware	𝑥 < 2.420.hw01.33.20190812
honeywell	hbl2gr1v_firmware	𝑥 < 1.000.0000.18.20190423
honeywell	hbl6gr2_firmware	𝑥 < 1.000.hw04.3.20190813
honeywell	hbl6gr2_firmware	𝑥 < 1.000.hw02.8.20190813
honeywell	hbw2gr1_firmware	𝑥 < 1.000.hw00.21.20190812
honeywell	hbw2gr1v_firmware	𝑥 < 1.000.0000.18.20190409
honeywell	hbw2gr3_firmware	𝑥 < 1.000.hw00.21.20190812
honeywell	hbw2gr3v_firmware	𝑥 < 1.000.0000.18.20190409
honeywell	hbw4gr1_firmware	𝑥 < 1.000.hw00.21.20190812
honeywell	hbw4gr1v_firmware	𝑥 < 1.000.0000.18.20190409
honeywell	hcd8g_firmware	𝑥 < 2.420.hw00.9.20180510
honeywell	hcl2g_firmware	𝑥 < 1.000.0000.18.20190423
honeywell	hcl2gv_firmware	𝑥 < 1.000.0000.18.20190423
honeywell	hcw2g_firmware	𝑥 < 1.000.hw00.21.20190812
honeywell	hcw2gv_firmware	𝑥 < 1.000.0000.18.20190409
honeywell	hcw4g_firmware	𝑥 < 1.000.hw00.21.20190812
honeywell	hdz302d_firmware	𝑥 < 1.000.0041.20180530
honeywell	hdz302de_firmware	𝑥 < 1.000.0041.20180530
honeywell	hdz302din_firmware	𝑥 < 1.000.0041.20180530
honeywell	hdz302din-c1_firmware	𝑥 < 1.000.0041.20180530

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-306 - Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References

https://www.us-cert.gov/ics/advisories/icsa-19-304-03