CVE-2020-6960: SQL Injection
First published: Wed Jan 22 2020(Updated: )
The following versions of MAXPRO VMS and NVR, MAXPRO VMS:HNMSWVMS prior to Version VMS560 Build 595 T2-Patch, HNMSWVMSLT prior to Version VMS560 Build 595 T2-Patch, MAXPRO NVR: MAXPRO NVR XE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR SE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR PE prior to Version NVR 5.6 Build 595 T2-Patch, and MPNVRSWXX prior to Version NVR 5.6 Build 595 T2-Patch contain an SQL injection vulnerability that could give an attacker remote unauthenticated access to the web user interface with administrator-level privileges.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Honeywell Maxpro Nvr Xe Firmware | <=5.6 | |
| Honeywell Maxpro Nvr Xe | ||
| Honeywell Maxpro Nvr Se Firmware | <=5.6 | |
| Honeywell Maxpro Nvr Se | ||
| Honeywell Maxpro Nvr Pe Firmware | <=5.6 | |
| Honeywell Maxpro Nvr Pe | ||
| Honeywell Mpnvrswxx Firmware | <=5.6 | |
| Honeywell Mpnvrswxx | ||
| Honeywell Hnmswvms Firmware | <=vms560 | |
| Honeywell Hnmswvms | ||
| Honeywell Hnmswvmslt Firmware | <=vms560 | |
| Honeywell Hnmswvmslt |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-6960?
CVE-2020-6960 is a critical vulnerability affecting Honeywell MAXPRO VMS and NVR products.
Which versions of MAXPRO VMS and NVR are affected by CVE-2020-6960?
The following versions are affected: MAXPRO VMS:HNMSWVMS prior to Version VMS560 Build 595 T2-Patch, HNMSWVMSLT prior to Version VMS560 Build 595 T2-Patch, MAXPRO NVR: MAXPRO NVR XE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR SE prior to Version NVR 5.6 Build 595 T2-Patch.
What is the severity of CVE-2020-6960?
CVE-2020-6960 has a severity rating of critical (9.8).
How can I fix CVE-2020-6960?
To fix CVE-2020-6960, it is recommended to update MAXPRO VMS and NVR products to at least Version VMS560 Build 595 T2-Patch.
Where can I find more information about CVE-2020-6960?
You can find more information about CVE-2020-6960 on the official US-CERT website: https://www.us-cert.gov/ics/advisories/icsa-20-021-01
- collector/nvd-index
- agent/author
- agent/severity
- agent/references
- agent/weakness
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/type
- agent/event
- agent/description
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/honeywell
- canonical/honeywell maxpro nvr xe firmware
- version/honeywell maxpro nvr xe firmware/5.6
- canonical/honeywell maxpro nvr xe
- canonical/honeywell maxpro nvr se firmware
- version/honeywell maxpro nvr se firmware/5.6
- canonical/honeywell maxpro nvr se
- canonical/honeywell maxpro nvr pe firmware
- version/honeywell maxpro nvr pe firmware/5.6
- canonical/honeywell maxpro nvr pe
- canonical/honeywell mpnvrswxx firmware
- version/honeywell mpnvrswxx firmware/5.6
- canonical/honeywell mpnvrswxx
- canonical/honeywell hnmswvms firmware
- version/honeywell hnmswvms firmware/vms560
- canonical/honeywell hnmswvms
- canonical/honeywell hnmswvmslt firmware
- version/honeywell hnmswvmslt firmware/vms560
- canonical/honeywell hnmswvmslt