Tuxedo Touch
Sign in to watchby Honeywell
CVEs (2)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2015-2848 | 0.00 | — | 0.00 | Jul 26, 2015 | Cross-site request forgery (CSRF) vulnerability in Honeywell Tuxedo Touch before 5.2.19.0_VA allows remote attackers to hijack the authentication of arbitrary users for requests associated with home-automation commands, as demonstrated by a door-unlock command. | ||
| CVE-2015-2847 | 0.00 | — | 0.00 | Jul 26, 2015 | Honeywell Tuxedo Touch before 5.2.19.0_VA relies on client-side authentication involving JavaScript, which allows remote attackers to bypass intended access restrictions by removing USERACCT requests from the client-server data stream. |