CVE-2020-6972

EPSS 1.3%CWE-294

In Notifier Web Server (NWS) Version 3.50 and earlier, the Honeywell Fire Web Server’s authentication may be bypassed by a capture-replay attack from a web browser.

Affected products

Honeywell · Notifier Web Server (NWS) Version 3.50 and earlier

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.us-cert.gov/ics/advisories/icsa-20-051-03