Honeywell IP-AK2 (ICSA-19-297-02) – Product Used in the Energy Sector

CISA has published an advisory on a missing authentication for critical function vulnerability in Honeywell IP-AK2. Versions 1.04.07 and prior are affected. Successful exploitation of this vulnerability could allow an attacker to download configuration files directly through a URL without authentication, exposing configuration and authorized visitor information. Honeywell released new firmware Version 1.04.15 and recommends affected users contact Honeywell customer support to resolve the issue. CISA also recommends a list of actions to mitigate this vulnerability. Read the advisory at CISA.