Honeywell Maxpro VMS & NVR (ICSA-20-021-01) – Products Used in the Energy Sector

CISA has released an advisory on deserialization of untrusted data and SQL injection vulnerabilities in Honeywell MAXPRO VMS & NVR. Multiple products and versions of these products are affected. Successful exploitation of these vulnerabilities could result in elevation of privileges, cause a denial-of-service condition, or allow unauthenticated remote code execution. Honeywell recommends users update VMS 560 Build 595 T2-Patch for affected VMS systems, and NVR 5.6 Build 595 T2-Patch for affected NVR systems. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.