Honeywell HIB2PI CCTV Camera (Update B)

Plan PatchCVSS 9.8ICS-CERT ICSA-26-048-04Feb 17, 2026

Honeywell

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

The Honeywell I-HIB2PI-UL CCTV camera contains an authentication bypass vulnerability (CWE-306) that allows an attacker on the network to access camera feeds and administrative functions without valid credentials. The vulnerability affects all versions of this product. Successful exploitation could lead to account takeover and unauthorized access to camera feeds. The product has been discontinued since April 2025, and no patch will be provided.

What this means

What could happen

An attacker could take over camera accounts without credentials, gaining unauthorized access to CCTV feeds and potentially surveilling facility operations or security vulnerabilities.

Who's at risk

Water utilities and municipal electric utilities using Honeywell I-HIB2PI-UL CCTV cameras for facility security, perimeter surveillance, or substation monitoring. Any organization relying on this discontinued camera model for physical security operations.

How it could be exploited

An attacker on the network can send unauthenticated requests to the camera to bypass account authentication, gain admin access, and view or modify camera settings and video streams.

Prerequisites

Network access to the camera (typically port 80 or 443)
Camera must be reachable from the attacker's network segment
No valid credentials required

remotely exploitableno authentication requiredlow complexityno patch availableaffects safety systems

Exploitability

Unlikely to be exploited — EPSS score 0.0%

Affected products (1)

ProductAffected VersionsFix Status

I-HIB2PI-UL: vers:all/*All versionsNo fix (EOL)

Remediation & Mitigation

0/4

Do now

0/3

HARDENINGIsolate or retire the affected I-HIB2PI-UL camera units and replace with supported Honeywell models or alternative vendors

WORKAROUNDPlace all remaining I-HIB2PI-UL cameras behind a firewall with access restricted to authorized security personnel only; block external and untrusted network access

HARDENINGIf cameras must remain in service, change default credentials and configure strong, unique passwords for all camera accounts

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HARDENINGMonitor camera accounts for unauthorized login activity or access anomalies

CVEs (1)

CVE-2026-1670

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/5cd47607-84f6-4091-9550-8ef46544eb6c

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.