Honeywell MPA2 Access Panel Vulnerable to Cross-site Scripting Attacks
CVE-2023-1841

4.8 MEDIUM

Key Information:

Vendor: Honeywell
CVE Published: 29 February 2024

What is CVE-2023-1841?

An improperly neutralized input issue has been identified within the web server modules of the Honeywell MPA2 Access Panel, leading to a cross-site scripting (XSS) vulnerability. This flaw permits attackers to inject malicious scripts during web page generation by exploiting invalid characters. All versions of the MPA2 Access Panel prior to R1.00.08.05 are susceptible to this security risk. Users are advised to upgrade to firmware version R1.00.08.05 or later to mitigate this vulnerability effectively. The latest firmware rectifies the reported issue and enhances overall security.

Affected Version(s)

MPA2 Access Panel 0

CVSS V3.1

Score: 4.8
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Ken Pyle from CYBIR