Severity
High
Analysis Summary
CVE-2020-6972
The Honeywell Fire Web Server’s authentication may be bypassed by a capture-replay attack from a web browser.
CVE-2020-6974
The affected product is vulnerable to a path traversal attack, which allows an attacker to bypass access restrictions and reach restricted directories.
Impact
- Authentication Bypass by Capture-replay
- Path Traversal
Affected Vendors
Honeywell
Affected Products
Notifier Web Server (NWS) Version 3.50 and earlier
Remediation
Honeywell has released a firmware update package.