The following versions of MAXPRO VMS and NVR, MAXPRO VMS:HNMSWVMS prior to Version VMS560 Build 595 T2-Patch, HNMSWVMSLT prior to Version VMS560 Build 595 T2-Patch, MAXPRO NVR: MAXPRO NVR XE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR SE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR PE prior to Version NVR 5.6 Build 595 T2-Patch, and MPNVRSWXX prior to Version NVR 5.6 Build 595 T2-Patch contain an SQL injection vulnerability that could give an attacker remote unauthenticated access to the web user interface with administrator-level privileges.
References
Link | Resource |
---|---|
https://www.us-cert.gov/ics/advisories/icsa-20-021-01 | Third Party Advisory US Government Resource |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Information
Published : 2020-01-22 07:15
Updated : 2020-02-07 09:23
NVD link : CVE-2020-6960
Mitre link : CVE-2020-6960
JSON object : View
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Products Affected
honeywell
- maxpro_nvr_pe_firmware
- mpnvrswxx_firmware
- hnmswvms_firmware
- maxpro_nvr_xe
- maxpro_nvr_se_firmware
- maxpro_nvr_xe_firmware
- hnmswvmslt
- maxpro_nvr_pe
- hnmswvmslt_firmware
- hnmswvms
- maxpro_nvr_se
- mpnvrswxx