Intrusion Prevention



This indicates an attempt to exploit an Arbitrary File Download vulnerability in Honeywell Tema Remote Installer ActiveX Control.
The vulnerability is caused by Honeywell Tema Remote Installer ActiveX Control's failure to check the parameters that are passed to the "DownloadFromURL()" method. An attacker can exploit this by tricking an unsuspecting user into visiting a malicious webpage and download arbitrary file.

Affected Products

Honeywell TEMA 5.3.1
Honeywell TEMA 5.3.0
Honeywell TEMA 5.2
Honeywell TEMA 4.9
Honeywell TEMA 4.8
Honeywell TEMA 4.10
Honeywell EBI R410.2
Honeywell EBI R410.1
Honeywell EBI R400.2 SP1
Honeywell EBI R310.1


System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Currently we are unaware of any vendor supplied patch for this issue.