CVE-2020-6974 – CVE-2020-6974 is a critical path traversal vuln... (How to Fix)

Q: What is the severity of CVE-2020-6974?

CVE-2020-6974 has a CVSS score of 9.8 (CRITICAL). CVE-2020-6974 is a critical path traversal vulnerability in Honeywell Notifier Web Server (NWS) that allows attackers to access restricted directories and files. This affects organizations using Honeywell fire alarm and emergency communication systems with vulnerable NWS firmware. Attackers can potentially read sensitive configuration files or upload malicious content.

📋 TL;DR

CVE-2020-6974 is a critical path traversal vulnerability in Honeywell Notifier Web Server (NWS) that allows attackers to access restricted directories and files. This affects organizations using Honeywell fire alarm and emergency communication systems with vulnerable NWS firmware. Attackers can potentially read sensitive configuration files or upload malicious content.

💻 Affected Systems

Products:

Honeywell Notifier Web Server (NWS)

Versions: Version 3.50

Operating Systems: Embedded/Proprietary

Default Config Vulnerable: ⚠️ Yes

Notes: Affects fire alarm control panels and emergency communication systems using NWS for web-based management.

📦 What is this software?

Notifier Webserver by Honeywell

View all CVEs affecting Notifier Webserver →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise allowing attackers to modify fire alarm configurations, disable emergency notifications, or install persistent backdoors on critical safety systems.

🟠

Likely Case

Unauthorized access to sensitive system files, configuration data exposure, and potential for further lateral movement within the network.

🟢

If Mitigated

Limited impact with proper network segmentation and access controls preventing external access to the vulnerable interface.

🌐 Internet-Facing: HIGH - Web server interface is typically exposed for remote management, making it directly accessible from the internet.

🏢 Internal Only: HIGH - Even internally, the vulnerability allows privilege escalation and access to critical safety system components.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Path traversal vulnerabilities are typically easy to exploit with basic web security testing tools.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firmware update beyond Version 3.50

Vendor Advisory: https://www.us-cert.gov/ics/advisories/icsa-20-051-03

Restart Required: Yes

Instructions:

1. Download latest firmware from Honeywell support portal. 2. Backup current configuration. 3. Apply firmware update via web interface or local console. 4. Reboot system. 5. Verify version update.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate NWS systems from untrusted networks and restrict access to management interfaces.

Access Control Lists

all

Implement strict firewall rules limiting access to NWS web interface to authorized IP addresses only.

🧯 If You Can't Patch

Implement network segmentation to isolate NWS from other critical systems
Deploy web application firewall (WAF) with path traversal protection rules

🔍 How to Verify

Check if Vulnerable:

Check web interface version at /version endpoint or login page footer. If version shows 3.50, system is vulnerable.

Check Version:

curl -k https://[NWS_IP]/version or check web interface login page

Verify Fix Applied:

Verify firmware version is updated beyond 3.50 and test path traversal attempts return proper access denied responses.

📡 Detection & Monitoring

Log Indicators:

Multiple 403/404 errors with directory traversal patterns (../, ..\)
Unusual file access attempts outside normal web directories

Network Indicators:

HTTP requests containing ../ patterns
Unusual file extensions or paths in web requests

SIEM Query:

web.url:*../* AND (dst.port:80 OR dst.port:443) AND dst.ip:[NWS_IP_RANGE]

📊 Metadata

CVE ID: CVE-2020-6974

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-22

Published: April 7, 2020

Last Updated: November 21, 2024

🔗 References

https://www.us-cert.gov/ics/advisories/icsa-20-051-03 Third Party Advisory,US Government Resource
https://www.us-cert.gov/ics/advisories/icsa-20-051-03 Third Party Advisory,US Government Resource

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2020-6974, you might also want to check these: