Critical Vulnerabilities in Honeywell Fire Alarm Systems

Organizations that use Honeywell NWS-3 fire alarm servers should update to firmware 4.51. All critical servers, especially those with web-based administration interfaces, should be isolated from the Internet to prevent attackers from probing for vulnerabilities. If administrators need remote access, critical systems should be protected by first requiring connection to a corporate VPN that uses multi-factor authentication and client certificates. Servers and workstations should be monitored for patterns of unusual access that may indicate an intrusion. Collecting server logs to a central repository and processing in a Security Information and Event Management (SIEM) monitored by a Security Operations Center (SOC) are important elements of a defense-in-depth strategy. For more information, please see: https://www.securityweek.com/vulnerabilities-allow-hackers-access-honeywell-fire-alarm-systems and https://www.us-cert.gov/ics/advisories/icsa-20-051-03