CISA has published an advisory on authentication bypass by capture-replay and path traversal vulnerabilities in Honeywell NOTI-FIRE-NET Web Server. Versions 3.50 and earlier are affected. Successful exploitation of these vulnerabilities could result in an attacker bypassing web server authentication methods. Honeywell has released a firmware update package for all affected products and also recommends steps for users to protect themselves. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.