Description
Directory traversal vulnerability in the web server on Honeywell Midas gas detectors before 1.13b3 and Midas Black gas detectors before 2.13b3 allows remote attackers to bypass authentication, and write to a configuration file or trigger a calibration or test, via unspecified vectors.
References (1)
Core 1
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-15-309-02
Scores
CVSS v3
8.6
EPSS
0.0359
EPSS Percentile
88.0%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L
Details
CWE
CWE-22
Status
published
Products (2)
honeywell/midas_black_firmware
< 2.13b1
honeywell/midas_firmware
< 1.13b1
Published
Dec 21, 2015
Tracked Since
Feb 18, 2026