CVE-2020-6972

CRITICAL

Honeywell Fire Web Server <3.50 - Auth Bypass

Title source: llm

Description

In Notifier Web Server (NWS) Version 3.50 and earlier, the Honeywell Fire Web Server’s authentication may be bypassed by a capture-replay attack from a web browser.

References (1)

[Third Party Advisory, US Government Resource] https://www.us-cert.gov/ics/advisories/icsa-20-051-03

Scores

CVSS v3 9.1

EPSS 0.0014

EPSS Percentile 34.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Details

CWE

CWE-294

Status published

Products (1)

honeywell/notifier_webserver < 3.50

Published Mar 24, 2020

Tracked Since Feb 18, 2026