Honeywell MPA2 Access Panel Vulnerable to Cross-site Scripting Attacks
CVE-2023-1841

4.8MEDIUM

Key Information:

Vendor: Honeywell
Status: Mpa2 Access Panel
Vendor: CVE Published:; 29 February 2024

What is CVE-2023-1841?

An improperly neutralized input issue has been identified within the web server modules of the Honeywell MPA2 Access Panel, leading to a cross-site scripting (XSS) vulnerability. This flaw permits attackers to inject malicious scripts during web page generation by exploiting invalid characters. All versions of the MPA2 Access Panel prior to R1.00.08.05 are susceptible to this security risk. Users are advised to upgrade to firmware version R1.00.08.05 or later to mitigate this vulnerability effectively. The latest firmware rectifies the reported issue and enhances overall security.

Affected Version(s)

MPA2 Access Panel 0

References

https://buildings.honeywell.com/us/en/brands/our-brands/s...

https://https://www.honeywell.com/us/en/product-security

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 29, 2024
Vulnerability Reserved
Apr 4, 2023

Credit

Ken Pyle from CYBIR ([email protected])