Vulnerabilities (CVE)

Filtered by vendor Honeywell Subscribe
Total 88 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-14825 2 Google, Honeywell 15 Android, Ck75, Cn51 and 12 more 2024-11-21 6.8 MEDIUM 5.8 MEDIUM
On Honeywell Mobile Computers (CT60 running Android OS 7.1, CN80 running Android OS 7.1, CT40 running Android OS 7.1, CK75 running Android OS 6.0, CN75 running Android OS 6.0, CN75e running Android OS 6.0, CT50 running Android OS 6.0, D75e running Android OS 6.0, CT50 running Android OS 4.4, D75e running Android OS 4.4, CN51 running Android OS 6.0, EDA50k running Android 4.4, EDA50 running Android OS 7.1, EDA50k running Android OS 7.1, EDA70 running Android OS 7.1, EDA60k running Android OS 7.1, and EDA51 running Android OS 8.1), a skilled attacker with advanced knowledge of the target system could exploit this vulnerability by creating an application that would successfully bind to the service and gain elevated system privileges. This could enable the attacker to obtain access to keystrokes, passwords, personal identifiable information, photos, emails, or business-critical documents.
CVE-2017-5671 1 Honeywell 14 Intermec Pc23, Intermec Pc23 Firmware, Intermec Pc42 and 11 more 2024-11-21 7.2 HIGH 8.8 HIGH
Honeywell Intermec PM23, PM42, PM43, PC23, PC43, PD43, and PC42 industrial printers before 10.11.013310 and 10.12.x before 10.12.013309 have /usr/bin/lua installed setuid to the itadmin account, which allows local users to conduct a BusyBox jailbreak attack and obtain root privileges by overwriting the /etc/shadow file.
CVE-2017-5143 1 Honeywell 1 Xl Web Ii Controller 2024-11-21 7.5 HIGH 8.6 HIGH
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. A user without authenticating can make a directory traversal attack by accessing a specific URL.
CVE-2017-5142 1 Honeywell 1 Xl Web Ii Controller 2024-11-21 6.5 MEDIUM 9.1 CRITICAL
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. A user with low privileges is able to open and change the parameters by accessing a specific URL because of Improper Privilege Management.
CVE-2017-5141 1 Honeywell 1 Xl Web Ii Controller 2024-11-21 6.5 MEDIUM 6.0 MEDIUM
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. An attacker can establish a new user session, without invalidating any existing session identifier, which gives the opportunity to steal authenticated sessions (SESSION FIXATION).
CVE-2017-5140 1 Honeywell 1 Xl Web Ii Controller 2024-11-21 5.0 MEDIUM 9.8 CRITICAL
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Password is stored in clear text.
CVE-2017-5139 1 Honeywell 1 Xl Web Ii Controller 2024-11-21 5.0 MEDIUM 9.8 CRITICAL
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Any user is able to disclose a password by accessing a specific URL, because of Plaintext Storage of a Password.
CVE-2017-14263 1 Honeywell 14 Enterprise Dvr, Enterprise Dvr Firmware, Fusion Iv Rev C and 11 more 2024-11-21 9.3 HIGH 8.1 HIGH
Honeywell NVR devices allow remote attackers to create a user account in the admin group by leveraging access to a guest account to obtain a session ID, and then sending that session ID in a userManager.addUser request to the /RPC2 URI. The attacker can login to the device with that new user account to fully control the device.
CVE-2016-8344 1 Honeywell 1 Experion Process Knowledge System 2024-11-21 4.3 MEDIUM 3.7 LOW
An issue was discovered in Honeywell Experion Process Knowledge System (PKS) platform: Experion PKS, Release 3xx and prior, Experion PKS, Release 400, Experion PKS, Release 410, Experion PKS, Release 430, and Experion PKS, Release 431. Experion PKS does not properly validate input. By sending a specially crafted packet, an attacker could cause the process to terminate. A successful exploit would prevent firmware uploads to the Series-C devices.
CVE-2016-2280 1 Honeywell 1 Uniformance Process History Database 2024-11-21 7.8 HIGH 7.5 HIGH
Buffer overflow in RDISERVER in Honeywell Uniformance Process History Database (PHD) R310, R320, and R321 allows remote attackers to cause a denial of service (service outage) via unspecified vectors.
CVE-2015-7908 1 Honeywell 4 Midas, Midas Black, Midas Black Firmware and 1 more 2024-11-21 9.3 HIGH N/A
Honeywell Midas gas detectors before 1.13b3 and Midas Black gas detectors before 2.13b3 allow remote attackers to discover cleartext passwords by sniffing the network.
CVE-2015-7907 1 Honeywell 2 Midas Black Firmware, Midas Firmware 2024-11-21 6.4 MEDIUM 8.6 HIGH
Directory traversal vulnerability in the web server on Honeywell Midas gas detectors before 1.13b3 and Midas Black gas detectors before 2.13b3 allows remote attackers to bypass authentication, and write to a configuration file or trigger a calibration or test, via unspecified vectors.
CVE-2015-2848 1 Honeywell 1 Tuxedo Touch 2024-11-21 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in Honeywell Tuxedo Touch before 5.2.19.0_VA allows remote attackers to hijack the authentication of arbitrary users for requests associated with home-automation commands, as demonstrated by a door-unlock command.
CVE-2015-2847 1 Honeywell 1 Tuxedo Touch 2024-11-21 5.0 MEDIUM N/A
Honeywell Tuxedo Touch before 5.2.19.0_VA relies on client-side authentication involving JavaScript, which allows remote attackers to bypass intended access restrictions by removing USERACCT requests from the client-server data stream.
CVE-2015-0984 1 Honeywell 8 Excel Web Xl 1000c1000 600 I\/o, Excel Web Xl 1000c1000 600 I\/o Uukl, Excel Web Xl 1000c100 104 I\/o and 5 more 2024-11-21 10.0 HIGH N/A
Directory traversal vulnerability in the FTP server on Honeywell Excel Web XL1000C50 52 I/O, XL1000C100 104 I/O, XL1000C500 300 I/O, XL1000C1000 600 I/O, XL1000C50U 52 I/O UUKL, XL1000C100U 104 I/O UUKL, XL1000C500U 300 I/O UUKL, and XL1000C1000U 600 I/O UUKL controllers before 2.04.01 allows remote attackers to read files under the web root, and consequently obtain administrative login access, via a crafted pathname.
CVE-2014-9189 1 Honeywell 1 Experion Process Knowledge System 2024-11-21 10.0 HIGH 9.8 CRITICAL
Multiple stack-based buffer overflow vulnerabilities were found in Honeywell Experion PKS all versions prior to R400.6, all versions prior to R410.6, and all versions prior to R430.2 modules that could lead to possible remote code execution, dynamic memory corruption, or denial of service. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version.
CVE-2014-9187 1 Honeywell 1 Experion Process Knowledge System 2024-11-21 7.5 HIGH 9.8 CRITICAL
Multiple heap-based buffer overflow vulnerabilities exist in Honeywell Experion PKS all versions prior to R400.6, all versions prior to R410.6, and all versions prior to R430.2 modules, which could lead to possible remote code execution or denial of service. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version.
CVE-2014-9186 1 Honeywell 1 Experion Process Knowledge System 2024-11-21 7.5 HIGH 9.8 CRITICAL
A file inclusion vulnerability exists in the confd.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, which could lead to accepting an arbitrary file into the function, and potential information disclosure or remote code execution. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version.
CVE-2014-8269 1 Honeywell 1 Opos Suite 2024-11-21 7.5 HIGH N/A
Multiple stack-based buffer overflows in (1) HWOPOSScale.ocx and (2) HWOPOSSCANNER.ocx in Honeywell OPOS Suite before 1.13.4.15 allow remote attackers to execute arbitrary code via a crafted file that is improperly handled by the Open method.
CVE-2014-5436 1 Honeywell 1 Experion Process Knowledge System 2024-11-21 5.0 MEDIUM 7.5 HIGH
A directory traversal vulnerability exists in the confd.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, which could lead to possible information disclosure. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version.