发布日期：2019-09-12
更新日期：2019-09-19

受影响系统：

Philips Performance IP Series cameras HPW2P1
Philips Performance IP Series cameras HEW4PER3B
Philips Performance IP Series cameras HEW4PER2B
Philips Performance IP Series cameras HEW4PER2
Philips Performance IP Series cameras HEW2PER3
Philips Performance IP Series cameras HEW2PER2
Philips Performance IP Series cameras HED3PR3
Philips Performance IP Series cameras HBW8PR2
Philips Performance IP Series cameras HBW2PER2
Philips Performance IP Series cameras HBW2PER1
Philips Performance IP Series cameras HBD3PR2
Philips Performance IP Series cameras HBD3PR1
Philips Performance IP Series cameras H4W8PR2
Philips Performance IP Series cameras H4W2PER3
Philips Performance IP Series cameras H4W2PER2
Philips Performance IP Series cameras H4D3PRV3
Philips Performance IP Series cameras H4D3PRV2
Philips Performance IP Series cameras H2W4PER3
Philips Performance IP Series cameras H2W2PER3
Philips Performance IP Series cameras H2W2PC1M
Philips Performance Series NVRs HEN643484
Philips Performance Series NVRs HEN643324
Philips Performance Series NVRs HEN643164
Philips Performance Series NVRs HEN64304
Philips Performance Series NVRs HEN64204
Philips Performance Series NVRs HEN32384
Philips Performance Series NVRs HEN323164
Philips Performance Series NVRs HEN32304
Philips Performance Series NVRs HEN32284
Philips Performance Series NVRs HEN322164
Philips Performance Series NVRs HEN32204
Philips Performance Series NVRs HEN321124
Philips Performance Series NVRs HEN32104
Philips Performance Series NVRs HEN32103L
Philips Performance Series NVRs HEN16384
Philips Performance Series NVRs HEN16304
Philips Performance Series NVRs HEN16284
Philips Performance Series NVRs HEN162244
Philips Performance Series NVRs HEN16204
Philips Performance Series NVRs HEN16184
Philips Performance Series NVRs HEN16163
Philips Performance Series NVRs HEN16144
Philips Performance Series NVRs HEN16143
Philips Performance Series NVRs HEN16123
Philips Performance Series NVRs HEN16104
Philips Performance Series NVRs HEN16103L
Philips Performance Series NVRs HEN16103
Philips Performance Series NVRs HEN08144
Philips Performance Series NVRs HEN08143
Philips Performance Series NVRs HEN08123
Philips Performance Series NVRs HEN08113
Philips Performance Series NVRs HEN081124
Philips Performance Series NVRs HEN08104
Philips Performance Series NVRs HEN08103L
Philips Performance Series NVRs HEN08103
Philips Performance Series NVRs HEN04123
Philips Performance Series NVRs HEN04113
Philips Performance Series NVRs HEN04103L
Philips Performance Series NVRs HEN04103

描述：

---

CVE(CAN) ID: CVE-2019-13523

Honeywell Performance IP Series cameras是IP摄像机产品。Performance Series NVR是网络视频录像机（NVR）设备。

Honeywell Performance IP Cameras/Performance NVRs的集成Web服务器存在信息泄露漏洞，远程攻击者未经身份验证即可获取受影响设备JSON格式的Web配置。

<*来源：Ismail Bulbil
  *>

建议：

---

厂商补丁：

Philips
-------
目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：

https://mywebtech.honeywell.com/Home

另外建议下列缓解措施以降低漏洞风险：
*更新受影响设备的固件；
*从互联网中隔离受影响系统或通过创建防火墙或DMZ构建其他防护层；
*远程访问时通过VPN或其他手段安全连接到网络

详情请参考：
https://www.security.honeywell.com/-/media/Security/Resources/PDF/Product-Warranty/Security-Notification-May-2019-pdf.pdf?la=en-US&hash=15B712A99CD068FF0D8CB494BC96AB46E2122672
https://www.us-cert.gov/ics/alerts/ICS-ALERT-10-301-01
https://www.us-cert.gov/ics/recommended-practices
https://www.us-cert.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf

浏览次数：2151
严重程度：0（网友投票）