Filtered by vendor Honeywell
Subscribe
Total
87 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-3243 | 1 Honeywell | 2 Alerton Bcm-web, Alerton Bcm-web Firmware | 2024-08-02 | N/A | 9.8 CRITICAL |
| ** UNSUPPORTED WHEN ASSIGNED ** [An attacker can capture an authenticating hash and utilize it to create new sessions. The hash is also a poorly salted MD5 hash, which could result in a successful brute force password attack. Impacted product is BCM-WEB version 3.3.X. Recommended fix: Upgrade to a supported product such as Alerton ACM.] Out of an abundance of caution, this CVE ID is being assigned to better serve our customers and ensure all who are still running this product understand that the product is end of life and should be removed or upgraded. | |||||
| CVE-2023-5390 | 1 Honeywell | 4 Controledge Unit Operations Controller, Controledge Unit Operations Controller Firmware, Controledge Virtual Unit Operations Controller and 1 more | 2024-07-09 | N/A | 5.3 MEDIUM |
| An attacker could potentially exploit this vulnerability, leading to files being read from the Honeywell Experion ControlEdge VirtualUOC and ControlEdge UOC. This exploit could be used to read files from the controller that may expose limited information from the device. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning. | |||||
| CVE-2023-26597 | 1 Honeywell | 2 C300, C300 Firmware | 2024-04-22 | N/A | 7.5 HIGH |
| Controller DoS due to buffer overflow in the handling of a specially crafted message received by the controller. See Honeywell Security Notification for recommendations on upgrading and versioning. See Honeywell Security Notification for recommendations on upgrading and versioning. | |||||
| CVE-2023-25948 | 1 Honeywell | 4 Direct Station, Engineering Station, Experion Server and 1 more | 2024-04-22 | N/A | 7.5 HIGH |
| Server information leak of configuration data when an error is generated in response to a specially crafted message. See Honeywell Security Notification for recommendations on upgrading and versioning. | |||||
| CVE-2023-25770 | 1 Honeywell | 2 C300, C300 Firmware | 2024-04-22 | N/A | 7.5 HIGH |
| Controller DoS may occur due to buffer overflow when an error is generated in response to a specially crafted message. See Honeywell Security Notification for recommendations on upgrading and versioning. | |||||
| CVE-2023-25178 | 1 Honeywell | 2 C300, C300 Firmware | 2024-04-22 | N/A | 9.8 CRITICAL |
| Controller may be loaded with malicious firmware which could enable remote code execution. See Honeywell Security Notification for recommendations on upgrading and versioning. | |||||
| CVE-2023-25078 | 1 Honeywell | 4 Direct Station, Engineering Station, Experion Server and 1 more | 2024-04-22 | N/A | 7.5 HIGH |
| Server or Console Station DoS due to heap overflow occurring during the handling of a specially crafted message for a specific configuration operation. See Honeywell Security Notification for recommendations on upgrading and versioning. | |||||
| CVE-2023-24480 | 1 Honeywell | 2 C300, C300 Firmware | 2024-04-22 | N/A | 7.5 HIGH |
| Controller DoS due to stack overflow when decoding a message from the server. See Honeywell Security Notification for recommendations on upgrading and versioning. | |||||
| CVE-2023-23585 | 1 Honeywell | 4 Direct Station, Engineering Station, Experion Server and 1 more | 2024-04-22 | N/A | 7.5 HIGH |
| Experion server DoS due to heap overflow occurring during the handling of a specially crafted message for a specific configuration operation. See Honeywell Security Notification for recommendations on upgrading and versioning. | |||||
| CVE-2023-6179 | 1 Honeywell | 1 Prowatch | 2024-02-28 | N/A | 7.8 HIGH |
| Honeywell ProWatch, 4.5, including all Service Pack versions, contain a Vulnerability in Application Server's executable folder(s). A(n) attacker could potentially exploit this vulnerability, leading to a standard user to have arbitrary system code execution. Honeywell recommends updating to the most recent version of this product, service or offering (Pro-watch 6.0.2, 6.0, 5.5.2,5.0.5). | |||||
| CVE-2023-5389 | 1 Honeywell | 4 Controledge Unit Operations Controller, Controledge Unit Operations Controller Firmware, Controledge Virtual Unit Operations Controller and 1 more | 2024-02-28 | N/A | 7.5 HIGH |
| An attacker could potentially exploit this vulnerability, leading to the ability to modify files on Honeywell Experion ControlEdge VirtualUOC and ControlEdge UOC . This exploit could be used to write a file that may result in unexpected behavior based on configuration changes or updating of files that could result in subsequent execution of a malicious application if triggered. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning. | |||||
| CVE-2023-22435 | 1 Honeywell | 4 Direct Station, Engineering Station, Experion Server and 1 more | 2024-02-28 | N/A | 7.5 HIGH |
| Experion server may experience a DoS due to a stack overflow when handling a specially crafted message. | |||||
| CVE-2023-3710 | 1 Honeywell | 2 Pm43, Pm43 Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
| Improper Input Validation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Command Injection.This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006). | |||||
| CVE-2023-3712 | 1 Honeywell | 2 Pm43, Pm43 Firmware | 2024-02-28 | N/A | 7.8 HIGH |
| Files or Directories Accessible to External Parties vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Privilege Escalation.This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006). | |||||
| CVE-2023-3711 | 1 Honeywell | 2 Pm43, Pm43 Firmware | 2024-02-28 | N/A | 8.8 HIGH |
| Session Fixation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Session Credential Falsification through Prediction.This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006). | |||||
| CVE-2023-24474 | 1 Honeywell | 4 Direct Station, Engineering Station, Experion Server and 1 more | 2024-02-28 | N/A | 7.5 HIGH |
| Experion server may experience a DoS due to a heap overflow which could occur when handling a specially crafted message | |||||
| CVE-2022-43485 | 1 Honeywell | 2 Onewireless Network Wireless Device Manager, Onewireless Network Wireless Device Manager Firmware | 2024-02-28 | N/A | 6.5 MEDIUM |
| Use of Insufficiently Random Values in Honeywell OneWireless. This vulnerability may allow attacker to manipulate claims in client's JWT token. This issue affects OneWireless version 322.1 | |||||
| CVE-2022-4240 | 1 Honeywell | 2 Onewireless Network Wireless Device Manager, Onewireless Network Wireless Device Manager Firmware | 2024-02-28 | N/A | 7.5 HIGH |
| Missing Authentication for Critical Function vulnerability in Honeywell OneWireless allows Authentication Bypass. This issue affects OneWireless version 322.1 | |||||
| CVE-2022-46361 | 1 Honeywell | 2 Onewireless Network Wireless Device Manager, Onewireless Network Wireless Device Manager Firmware | 2024-02-28 | N/A | 6.8 MEDIUM |
| An attacker having physical access to WDM can plug USB device to gain access and execute unwanted commands. A malicious user could enter a system command along with a backup configuration, which could result in the execution of unwanted commands. This issue affects OneWireless all versions up to 322.1 and fixed in version 322.2. | |||||
| CVE-2022-30244 | 1 Honeywell | 2 Alerton Ascent Control Module, Alerton Ascent Control Module Firmware | 2024-02-28 | N/A | 8.0 HIGH |
| Honeywell Alerton Ascent Control Module (ACM) through 2022-05-04 allows unauthenticated programming writes from remote users. This enables code to be store on the controller and then run without verification. A user with malicious intent can send a crafted packet to change and/or stop the program without the knowledge of other users, altering the controller's function. After the programming change, the program needs to be overwritten in order for the controller to restore its original operational function. | |||||