Vulnerabilities in Honeywell Tuxedo Touch controller are the latest batch of vulnerabilities to hit home automation equipment. The controller is designed to allow users to control home systems such as security, climate control, lighting, and others. There are two separate vulnerabilities in the controller: an authentication bypass bug and a cross-site request forgery flaw. An attacker can take arbitrary actions, including unlocking doors or modifying climate controls in the house, researcher Maxim Rupp said. Rupp, a German researcher, said exploiting the vulnerability is exceedingly simple.
Source: https://threatpost.com/pair-of-bugs-open-honeywell-home-controllers-up-to-easy-hacks/113965/