Honeywell equIP Series IP Cameras

Monitor7.5ICS-CERT ICSA-19-304-02Oct 31, 2019

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Honeywell equIP Series IP cameras contain an improper input validation vulnerability (CWE-20) that can result in denial-of-service conditions. Affected models include H4L2GR1, HBL2GR1, HCL2G, H4W2GR1, H4W2GR2, H4W4GR1, H3W2GR1, H3W2GR2, H3W4GR1, HBW2GR1, HBW4GR1, HBW2GR3, HCW2G, and HCW4G with firmware versions before the August 12, 2019 update.

What this means

What could happen

An attacker could send specially crafted network traffic to crash the camera, making it unavailable for surveillance and potentially creating blind spots in security monitoring systems that rely on continuous video feed.

Who's at risk

Organizations operating Honeywell equIP Series IP cameras (including H4, H3, HB, and HC models with both wired and PoE variants) used for surveillance in water utilities, electric substations, and other critical infrastructure should apply this update. Any facility relying on these cameras for perimeter monitoring or critical area coverage is affected.

How it could be exploited

An attacker with network access to the camera can send a malformed input that triggers improper validation logic, causing the device to become unresponsive or reboot. The attack is triggered over the network without requiring credentials.

Prerequisites

Network reachability to the camera (port not specified but likely HTTP/HTTPS or management interface)
No authentication required

Remotely exploitableNo authentication requiredLow complexity attackNo patch available (end-of-life products)Affects surveillance and security monitoring

Exploitability

Low exploit probability (EPSS 0.5%)

Affected products (14)

14 EOL

ProductAffected VersionsFix Status

HBL2GR1: <2.420.HW01.33.20190812<2.420.HW01.33.20190812No fix (EOL)

HCL2G: <2.420.HW01.33.20190812<2.420.HW01.33.20190812No fix (EOL)

H4W2GR1: <1.000.HW00.21.20190812<1.000.HW00.21.20190812No fix (EOL)

H4W2GR2: <1.000.HW00.21.20190812<1.000.HW00.21.20190812No fix (EOL)

H4W4GR1: <1.000.HW00.21.20190812<1.000.HW00.21.20190812No fix (EOL)

H3W2GR1: <1.000.HW00.21.20190812<1.000.HW00.21.20190812No fix (EOL)

H3W4GR1: <1.000.HW00.21.20190812<1.000.HW00.21.20190812No fix (EOL)

HBW2GR1: <1.000.HW00.21.20190812<1.000.HW00.21.20190812No fix (EOL)

Remediation & Mitigation

0/3

Do now

0/2

WORKAROUNDPlace affected cameras behind a firewall or in a DMZ to restrict unauthorized network access

HARDENINGIsolate vulnerable cameras from direct Internet access or require VPN authentication for remote connectivity

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate firmware on all affected Honeywell equIP Series cameras to version 2.420.HW01.33.20190812 or later (H4L2GR1, HBL2GR1, HCL2G models) or 1.000.HW00.21.20190812 or later (H4W2GR1, H4W2GR2, H4W4GR1, H3W2GR1, H3W2GR2, H3W4GR1, HBW2GR1, HBW4GR1, HBW2GR3, HCW2G, HCW4G models). Firmware packages are available from https://mywebtech.honeywell.com/Home

CVEs (1)

CVE-2019-18228

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/6b04ce0b-eca2-4fee-8fd6-179a3b1ba126