CVE-2020-6960

🗓️ 22 Jan 2020 14:17:07Reported by icscertType

MAXPRO VMS and NVR versions prior to VMS560 Build 595 T2-Patch and MAXPRO NVR XE/SE/PE prior to NVR 5.6 Build 595 T2-Patch are vulnerable to SQL injection, allowing remote unauthenticated access to web UI with admin privileges

Reporter	Title	Published	Views	Family All 7
CNVD	SQL Injection Vulnerability in Multiple Honeywell Products	21 Jan 202000:00	–	cnvd
Cvelist	CVE-2020-6960	22 Jan 202014:17	–	cvelist
EUVD	EUVD-2020-28100	7 Oct 202500:30	–	euvd
ICS	ICSA-20-021-01_Honeywell Maxpro VMS & NVR	21 Jan 202000:00	–	ics
NVD	CVE-2020-6960	22 Jan 202015:15	–	nvd
Prion	Sql injection	22 Jan 202015:15	–	prion
RedhatCVE	CVE-2020-6960	22 May 202517:03	–	redhatcve

NVD

Vulners

Node

honeywell maxpro_nvr_xe_firmwareRange≤5.6

AND

honeywell maxpro_nvr_xeMatch-

Node

honeywell maxpro_nvr_se_firmwareRange≤5.6

AND

honeywell maxpro_nvr_seMatch-

Node

honeywell maxpro_nvr_pe_firmwareRange≤5.6

AND

honeywell maxpro_nvr_peMatch-

Node

honeywell mpnvrswxx_firmwareRange≤5.6

AND

honeywell mpnvrswxxMatch-

Node

honeywell hnmswvms_firmwareRange≤vms560

AND

honeywell hnmswvmsMatch-

Node

honeywell hnmswvmslt_firmwareRange≤vms560

AND

honeywell hnmswvmsltMatch-

[
  {
    "product": "Honeywell Maxpro VMS & NVR",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "The following versions of MAXPRO VMS and NVR, MAXPRO VMS:HNMSWVMS prior to Version VMS560 Build 595 T2-Patch, HNMSWVMSLT prior to Version VMS560 Build 595 T2-Patch, MAXPRO NVR: MAXPRO NVR XE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR SE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR PE prior to Version NVR 5.6 Build 595 T2-Patch, MPNVRSWXX prior to Version NVR 5.6 Build 595 T2-Patch"
      }
    ]
  }
]

Source	Link
us-cert	www.us-cert.gov/ics/advisories/icsa-20-021-01

21 Nov 2024 05:36Current

9.7High risk

Vulners AI Score9.7

CVSS 27.5

CVSS 3.19.8

EPSS0.00226

CWE-89