High
CVE-2020-6960
A SQL injection vulnerability exists that could give an attacker remote unauthenticated access to the web user interface with administrator-level privileges.
CVE-2020-6959
he affected products are vulnerable to an unsafe deserialization of untrusted data. An attacker may be able to remotely modify deserialized data without authentication using a specially crafted web request, resulting in remote code execution.
Honeywell
MAXPRO VMS & NVR
Please refer to ICS advisory for the list of affected products and updated patches.