CVE-2019-13525 MEDIUM

Published: 2019-10-25 | Last Modified: 2026-06-17 | Status: Modified

Description

In IP-AK2 Access Control Panel Version 1.04.07 and prior, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data, which can be accessed without authentication over the network.

Additional Descriptions (1)

En IP-AK2 Access Control Panel Versión 1.04.07 y anteriores, el servidor web integrado de los dispositivos afectados podría permitir a atacantes remotos obtener datos de configuración web, que pueden ser accedidos sin autenticación a través de la red.

CVSS Metrics

Base Score: 5.3 (MEDIUM)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector	NETWORK
Attack Complexity	LOW
Privileges Required	NONE
User Interaction	NONE
Scope	UNCHANGED
Confidentiality Impact	LOW
Integrity Impact	NONE
Availability Impact	NONE

Source: [email protected]

Type: Primary

Exploitability Score: 3.9

Impact Score: 1.4

Base Score: 5.0 (MEDIUM)

AV:N/AC:L/Au:N/C:P/I:N/A:N

Access Vector	NETWORK
Access Complexity	LOW
Authentication	NONE
Confidentiality Impact	PARTIAL
Integrity Impact	NONE
Availability Impact	NONE

Source: [email protected]

Type: Primary

Exploitability Score: 10.0

Impact Score: 2.9

Weaknesses

Source	Type	Description
[email protected]	Secondary	en CWE-306
[email protected]	Primary	en CWE-306

Affected Products

Vendor	Product	Version	Update	Type
honeywell	ip-ak2_firmware	*	<built-in method update of dict object at 0x7c3c2b035480>	Operating System

Affected Configurations

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:honeywell:ip-ak2_firmware::::::::`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:honeywell:ip-ak2:-:::::::*`

References

https://www.us-cert.gov/ics/advisories/icsa-19-297-02
Source: [email protected]

Third Party Advisory US Government Resource
https://www.us-cert.gov/ics/advisories/icsa-19-297-02
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory US Government Resource