Cross-Site Request Forgery Vulnerability in Honeywell Tuxedo Touch Home Automation System
CVE-2015-2848

Currently unrated

Key Information:

Vendor: Honeywell
Status: Tuxedo Touch
Vendor: CVE Published:; 26 July 2015

What is CVE-2015-2848?

A security flaw in Honeywell's Tuxedo Touch home automation system prior to version 5.2.19.0_VA exposes users to Cross-Site Request Forgery (CSRF) attacks. This vulnerability allows remote attackers to impersonate legitimate users and execute unauthorized commands related to home automation, potentially compromising home security by hijacking actions such as unlocking doors. Users of the affected versions are advised to update their systems to mitigate these risks.

References

http://www.kb.cert.org/vuls/id/857948

third-party-advisoryx_refsource_CERT-VN

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 26, 2015
Vulnerability Reserved
Apr 3, 2015