Client-Side Authentication Bypass in Honeywell Tuxedo Touch
CVE-2015-2847

Currently unrated

Key Information:

Vendor: Honeywell
Status: Tuxedo Touch
Vendor: CVE Published:; 26 July 2015

What is CVE-2015-2847?

Honeywell Tuxedo Touch versions prior to 5.2.19.0_VA are susceptible to a vulnerability that exploits client-side authentication via JavaScript. This security flaw enables remote attackers to bypass intended access controls by manipulating USERACCT requests in the client-server data stream, resulting in unauthorized access to protected resources.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.kb.cert.org/vuls/id/857948

third-party-advisoryx_refsource_CERT-VN

Timeline

Vulnerability published
Jul 26, 2015
Vulnerability Reserved
Apr 3, 2015

JSON

Honeywell

What is CVE-2015-2847?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.