Filtered by vendor Honeywell
Subscriptions
Total
90 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-5435 | 1 Honeywell | 1 Experion Process Knowledge System | 2024-08-06 | N/A |
| An arbitrary memory write vulnerability exists in the dual_onsrv.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, that could lead to possible remote code execution or denial of service. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version. | ||||
| CVE-2014-3110 | 1 Honeywell | 2 Falcon Xlweb Linux Controller, Falcon Xlweb Xlwebexe | 2024-08-06 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities on Honeywell FALCON XLWeb Linux controller devices 2.04.01 and earlier and FALCON XLWeb XLWebExe controller devices 2.02.11 and earlier allow remote attackers to inject arbitrary web script or HTML via invalid input. | ||||
| CVE-2014-2717 | 1 Honeywell | 2 Falcon Xlweb Linux Controller, Falcon Xlweb Xlwebexe | 2024-08-06 | N/A |
| Honeywell FALCON XLWeb Linux controller devices 2.04.01 and earlier and FALCON XLWeb XLWebExe controller devices 2.02.11 and earlier allow remote attackers to bypass authentication and obtain administrative access by visiting the change-password page. | ||||
| CVE-2015-7907 | 1 Honeywell | 2 Midas Black Firmware, Midas Firmware | 2024-08-06 | N/A |
| Directory traversal vulnerability in the web server on Honeywell Midas gas detectors before 1.13b3 and Midas Black gas detectors before 2.13b3 allows remote attackers to bypass authentication, and write to a configuration file or trigger a calibration or test, via unspecified vectors. | ||||
| CVE-2015-7908 | 1 Honeywell | 4 Midas, Midas Black, Midas Black Firmware and 1 more | 2024-08-06 | N/A |
| Honeywell Midas gas detectors before 1.13b3 and Midas Black gas detectors before 2.13b3 allow remote attackers to discover cleartext passwords by sniffing the network. | ||||
| CVE-2015-2847 | 1 Honeywell | 1 Tuxedo Touch | 2024-08-06 | N/A |
| Honeywell Tuxedo Touch before 5.2.19.0_VA relies on client-side authentication involving JavaScript, which allows remote attackers to bypass intended access restrictions by removing USERACCT requests from the client-server data stream. | ||||
| CVE-2015-2848 | 1 Honeywell | 1 Tuxedo Touch | 2024-08-06 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Honeywell Tuxedo Touch before 5.2.19.0_VA allows remote attackers to hijack the authentication of arbitrary users for requests associated with home-automation commands, as demonstrated by a door-unlock command. | ||||
| CVE-2015-0984 | 1 Honeywell | 8 Excel Web Xl 1000c1000 600 I\/o, Excel Web Xl 1000c1000 600 I\/o Uukl, Excel Web Xl 1000c100 104 I\/o and 5 more | 2024-08-06 | N/A |
| Directory traversal vulnerability in the FTP server on Honeywell Excel Web XL1000C50 52 I/O, XL1000C100 104 I/O, XL1000C500 300 I/O, XL1000C1000 600 I/O, XL1000C50U 52 I/O UUKL, XL1000C100U 104 I/O UUKL, XL1000C500U 300 I/O UUKL, and XL1000C1000U 600 I/O UUKL controllers before 2.04.01 allows remote attackers to read files under the web root, and consequently obtain administrative login access, via a crafted pathname. | ||||
| CVE-2016-8344 | 1 Honeywell | 1 Experion Process Knowledge System | 2024-08-06 | N/A |
| An issue was discovered in Honeywell Experion Process Knowledge System (PKS) platform: Experion PKS, Release 3xx and prior, Experion PKS, Release 400, Experion PKS, Release 410, Experion PKS, Release 430, and Experion PKS, Release 431. Experion PKS does not properly validate input. By sending a specially crafted packet, an attacker could cause the process to terminate. A successful exploit would prevent firmware uploads to the Series-C devices. | ||||
| CVE-2016-2280 | 1 Honeywell | 1 Uniformance Process History Database | 2024-08-05 | N/A |
| Buffer overflow in RDISERVER in Honeywell Uniformance Process History Database (PHD) R310, R320, and R321 allows remote attackers to cause a denial of service (service outage) via unspecified vectors. | ||||
| CVE-2017-14263 | 1 Honeywell | 14 Enterprise Dvr, Enterprise Dvr Firmware, Fusion Iv Rev C and 11 more | 2024-08-05 | N/A |
| Honeywell NVR devices allow remote attackers to create a user account in the admin group by leveraging access to a guest account to obtain a session ID, and then sending that session ID in a userManager.addUser request to the /RPC2 URI. The attacker can login to the device with that new user account to fully control the device. | ||||
| CVE-2017-5671 | 1 Honeywell | 14 Intermec Pc23, Intermec Pc23 Firmware, Intermec Pc42 and 11 more | 2024-08-05 | N/A |
| Honeywell Intermec PM23, PM42, PM43, PC23, PC43, PD43, and PC42 industrial printers before 10.11.013310 and 10.12.x before 10.12.013309 have /usr/bin/lua installed setuid to the itadmin account, which allows local users to conduct a BusyBox jailbreak attack and obtain root privileges by overwriting the /etc/shadow file. | ||||
| CVE-2017-5141 | 1 Honeywell | 1 Xl Web Ii Controller | 2024-08-05 | N/A |
| An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. An attacker can establish a new user session, without invalidating any existing session identifier, which gives the opportunity to steal authenticated sessions (SESSION FIXATION). | ||||
| CVE-2017-5140 | 1 Honeywell | 1 Xl Web Ii Controller | 2024-08-05 | N/A |
| An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Password is stored in clear text. | ||||
| CVE-2017-5143 | 1 Honeywell | 1 Xl Web Ii Controller | 2024-08-05 | N/A |
| An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. A user without authenticating can make a directory traversal attack by accessing a specific URL. | ||||
| CVE-2017-5142 | 1 Honeywell | 1 Xl Web Ii Controller | 2024-08-05 | N/A |
| An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. A user with low privileges is able to open and change the parameters by accessing a specific URL because of Improper Privilege Management. | ||||
| CVE-2017-5139 | 1 Honeywell | 1 Xl Web Ii Controller | 2024-08-05 | N/A |
| An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Any user is able to disclose a password by accessing a specific URL, because of Plaintext Storage of a Password. | ||||
| CVE-2018-8714 | 1 Honeywell | 1 Matrikonopc Explorer | 2024-08-05 | N/A |
| Honeywell MatrikonOPC OPC Controller before 5.1.0.0 allows local users to transfer arbitrary files from a host computer and consequently obtain sensitive information via vectors related to MSXML libraries. | ||||
| CVE-2019-18226 | 1 Honeywell | 128 H2w2gr1, H2w2gr1 Firmware, H2w2pc1m and 125 more | 2024-08-05 | 9.8 Critical |
| Honeywell equIP series and Performance series IP cameras and recorders, A vulnerability exists in the affected products where IP cameras and recorders have a potential replay attack vulnerability as a weak authentication method is retained for compatibility with legacy products. | ||||
| CVE-2019-18230 | 1 Honeywell | 96 H2w2gr1, H2w2gr1 Firmware, H3w2gr1 and 93 more | 2024-08-05 | 7.5 High |
| Honeywell equIP and Performance series IP cameras, multiple versions, A vulnerability exists where the affected product allows unauthenticated access to audio streaming over HTTP. | ||||