OTPulse
FeedAboutContact

Honeywell NOTI-FIRE-NET Web Server (NWS-3)

Act Now9.4ICS-CERT ICSA-20-051-03Feb 20, 2020
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary

Honeywell NOTI-FIRE-NET Web Server (NWS-3) contains authentication bypass vulnerabilities (CWE-294, CWE-22) affecting all versions up to 3.50. Successful exploitation allows an attacker to bypass web server authentication methods without requiring valid credentials.

What this means
What could happen
An attacker could bypass authentication and gain administrative access to the NWS-3 web server, potentially allowing them to modify fire alarm system configurations, disable notifications, or alter system behavior that protects buildings and occupants from fire hazards.
Who's at risk
Building security and life safety teams responsible for fire alarm systems should prioritize this immediately. This affects Honeywell NOTI-FIRE-NET systems in commercial buildings, industrial facilities, hospitals, schools, and any structure relying on centralized fire alarm management through the NWS-3 web interface.
How it could be exploited
An attacker on the network or internet reaches the NWS-3 web server on its default port and exploits the authentication bypass vulnerability to access the administrative interface without valid credentials. Once authenticated, the attacker can reconfigure the fire alarm system behavior.
Prerequisites
  • Network reachability to the NWS-3 web server port
  • No valid credentials required
remotely exploitableno authentication requiredlow complexityaffects safety systems
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
ProductAffected VersionsFix Status
NOTI-FIRE-NET Web Server (NWS-3):≤ 3.50> 3.50
Remediation & Mitigation
0/5
Do now
0/4
HOTFIXUpdate NWS-3 firmware to the patched version provided by Honeywell (login required to download from Honeywell portal)
HARDENINGIsolate NWS-3 from direct internet access by placing it behind a firewall or in a DMZ
HARDENINGIf remote access to NWS-3 is required, enforce VPN access rather than direct internet exposure
HARDENINGEnsure strong, unique passwords are set on all NWS-3 user accounts to add a compensating layer if the vulnerability is not immediately patchable
Long-term hardening
0/1
HARDENINGLocate the NWS-3 and its network on a segregated control system network isolated from business networks
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/8a779ad3-cd07-4a29-a0b4-48feccdaeb8d
Honeywell NOTI-FIRE-NET Web Server (NWS-3) | CVSS 9.4 - OTPulse