Honeywell HIB2PI CCTV Camera (Update B)
Act Now · 9.8 · ICS-CERT ICSA-26-048-04 · Feb 17, 2026
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
The Honeywell I-HIB2PI-UL CCTV camera contains an authentication bypass vulnerability (CWE-306) that allows an attacker on the network to take over administrator accounts and access camera feeds without valid credentials. The product has been discontinued as of April 2025. Honeywell is not planning to release patches for this product line.
What this means
What could happen
An attacker with network access could take over administrator accounts and gain unauthorized access to live camera feeds and recorded video, compromising physical security monitoring of critical infrastructure sites.
Who's at risk
Water authorities and electric utilities using Honeywell I-HIB2PI-UL CCTV cameras for perimeter security monitoring, equipment room surveillance, or facility access control. This affects any organization relying on these cameras for physical security of critical infrastructure sites.
How it could be exploited
An attacker on the network sends a specially crafted request to the camera's authentication mechanism (CWE-306: Missing Authentication Check). The camera fails to properly validate credentials, so the attacker can assume administrator privileges and access camera feeds and configuration without valid credentials.
Prerequisites
- Network access to the HIB2PI camera on its management port (typically HTTP/HTTPS)
- No valid credentials required
Remotely exploitable · No authentication required · Low attack complexity · No patch available (product discontinued) · Affects security monitoring systems
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (1)
Product | Affected Versions | Fix Status
I-HIB2PI-UL: vers:all/* | All versions | No fix (EOL)
Remediation & Mitigation
Do now
WORKAROUND: Immediately place the HIB2PI camera behind a firewall that blocks inbound access from untrusted networks, including the internet
HARDENING: Implement network segmentation to isolate the camera on a dedicated physical or virtual network segment separate from critical operational systems
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Contact Honeywell customer service for end-of-life guidance and migration path to a supported replacement camera model
CVEs (1)