Iq Multiaccess
Monthly
Honeywell IQ MultiAccess physical access control software, all versions through V28, improperly verifies digital signatures on downloaded files due to a time-of-check/time-of-use (TOCTOU) race condition, allowing a local low-privileged attacker to replace a legitimately verified file with a malicious one in the window between signature check and file consumption. Successful exploitation yields high integrity and availability impact on the vulnerable system, as the replaced file may execute attacker-controlled code or corrupt system components. No public exploit identified at time of analysis; Honeywell has released patches V27 SP1 and V28 SP1.
Honeywell IQ MultiAccess physical access control software, all versions through V28, improperly verifies digital signatures on downloaded files due to a time-of-check/time-of-use (TOCTOU) race condition, allowing a local low-privileged attacker to replace a legitimately verified file with a malicious one in the window between signature check and file consumption. Successful exploitation yields high integrity and availability impact on the vulnerable system, as the replaced file may execute attacker-controlled code or corrupt system components. No public exploit identified at time of analysis; Honeywell has released patches V27 SP1 and V28 SP1.