Refine your search
1 vulnerability found for 25M IPC by Honeywell
CVE-2026-1670 (GCVE-0-2026-1670)
Vulnerability from cvelistv5
Published
2026-02-17 22:56
Modified
2026-02-18 20:45
Severity ?
9.3 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
VLAI Severity ?
EPSS score ?
CWE
- CWE-306 - Missing Authentication for Critical Function
Summary
The affected products are vulnerable to an unauthenticated API endpoint exposure, which may allow an attacker to remotely change the "forgot password" recovery email address.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Honeywell | I-HIB2PI-UL 2MP IP |
Version: 6.1.22.1216 |
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1670",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-18T20:45:37.144272Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-18T20:45:46.226Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "I-HIB2PI-UL 2MP IP",
"vendor": "Honeywell",
"versions": [
{
"status": "affected",
"version": "6.1.22.1216"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SMB NDAA MVO-3",
"vendor": "Honeywell",
"versions": [
{
"status": "affected",
"version": "WDR_2MP_32M_PTZ_v2.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PTZ WDR 2MP 32M",
"vendor": "Honeywell",
"versions": [
{
"status": "affected",
"version": "WDR_2MP_32M_PTZ_v2.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "25M IPC",
"vendor": "Honeywell",
"versions": [
{
"status": "affected",
"version": "WDR_2MP_32M_PTZ_v2.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Souvik Kandar reported this vulnerability to CISA."
}
],
"datePublic": "2026-02-17T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The affected products are vulnerable to an unauthenticated API endpoint exposure, which may allow an attacker to remotely change the \"forgot password\" recovery email address."
}
],
"value": "The affected products are vulnerable to an unauthenticated API endpoint exposure, which may allow an attacker to remotely change the \"forgot password\" recovery email address."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-17T22:56:00.586Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-048-04"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-048-04.json"
},
{
"url": "https://www.honeywell.com/us/en/contact/support"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Honeywell recommends users contact Honeywell at \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.honeywell.com/us/en/contact/support\"\u003ehttps://www.honeywell.com/us/en/contact/support\u003c/a\u003e for patch information.\u003cbr\u003e"
}
],
"value": "Honeywell recommends users contact Honeywell at https://www.honeywell.com/us/en/contact/support for patch information."
}
],
"source": {
"advisory": "ICSA-26-048-04",
"discovery": "EXTERNAL"
},
"title": "Honeywell CCTV Products Missing Authentication for Critical Function",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2026-1670",
"datePublished": "2026-02-17T22:56:00.586Z",
"dateReserved": "2026-01-30T00:35:22.440Z",
"dateUpdated": "2026-02-18T20:45:46.226Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}