Filtered by vendor Honeywell
Subscriptions
Total
92 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-39363 | 1 Honeywell | 4 Hbw2per1, Hbw2per1 Firmware, Hdzp252di and 1 more | 2024-11-21 | 9.8 Critical |
Honeywell HDZP252DI 1.00.HW02.4 and HBW2PER1 1.000.HW01.3 devices allow a video replay attack after ARP cache poisoning has been achieved. | ||||
CVE-2021-38399 | 1 Honeywell | 8 Application Control Environment, Application Control Environment Firmware, C200 and 5 more | 2024-11-21 | 7.5 High |
Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to relative path traversal, which may allow an attacker access to unauthorized files and directories. | ||||
CVE-2021-38397 | 1 Honeywell | 8 Application Control Environment, Application Control Environment Firmware, C200 and 5 more | 2024-11-21 | 10 Critical |
Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to unrestricted file uploads, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition. | ||||
CVE-2021-38395 | 1 Honeywell | 8 Application Control Environment, Application Control Environment Firmware, C200 and 5 more | 2024-11-21 | 9.1 Critical |
Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to improper neutralization of special elements in output, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition. | ||||
CVE-2020-7005 | 1 Honeywell | 1 Win-pak | 2024-11-21 | 8.8 High |
In Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected product is vulnerable to a cross-site request forgery, which may allow an attacker to remotely execute arbitrary code. | ||||
CVE-2020-6982 | 1 Honeywell | 1 Win-pak | 2024-11-21 | 8.8 High |
In Honeywell WIN-PAK 4.7.2, Web and prior versions, the header injection vulnerability has been identified, which may allow remote code execution. | ||||
CVE-2020-6978 | 1 Honeywell | 1 Win-pak | 2024-11-21 | 7.2 High |
In Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected product is vulnerable due to the usage of old jQuery libraries. | ||||
CVE-2020-6974 | 1 Honeywell | 1 Notifier Webserver | 2024-11-21 | 9.8 Critical |
Honeywell Notifier Web Server (NWS) Version 3.50 is vulnerable to a path traversal attack, which allows an attacker to bypass access to restricted directories. Honeywell has released a firmware update to address the problem. | ||||
CVE-2020-6972 | 1 Honeywell | 1 Notifier Webserver | 2024-11-21 | 9.1 Critical |
In Notifier Web Server (NWS) Version 3.50 and earlier, the Honeywell Fire Web Server’s authentication may be bypassed by a capture-replay attack from a web browser. | ||||
CVE-2020-6968 | 1 Honeywell | 2 Inncom Inncontrol, Inncom Inncontrol Firmware | 2024-11-21 | 7.8 High |
Honeywell INNCOM INNControl 3 allows workstation users to escalate application user privileges through the modification of local configuration files. | ||||
CVE-2020-6960 | 1 Honeywell | 12 Hnmswvms, Hnmswvms Firmware, Hnmswvmslt and 9 more | 2024-11-21 | 9.8 Critical |
The following versions of MAXPRO VMS and NVR, MAXPRO VMS:HNMSWVMS prior to Version VMS560 Build 595 T2-Patch, HNMSWVMSLT prior to Version VMS560 Build 595 T2-Patch, MAXPRO NVR: MAXPRO NVR XE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR SE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR PE prior to Version NVR 5.6 Build 595 T2-Patch, and MPNVRSWXX prior to Version NVR 5.6 Build 595 T2-Patch contain an SQL injection vulnerability that could give an attacker remote unauthenticated access to the web user interface with administrator-level privileges. | ||||
CVE-2020-6959 | 1 Honeywell | 12 Hnmswvms, Hnmswvms Firmware, Hnmswvmslt and 9 more | 2024-11-21 | 9.8 Critical |
The following versions of MAXPRO VMS and NVR, MAXPRO VMS:HNMSWVMS prior to Version VMS560 Build 595 T2-Patch, HNMSWVMSLT prior to Version VMS560 Build 595 T2-Patch, MAXPRO NVR: MAXPRO NVR XE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR SE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR PE prior to Version NVR 5.6 Build 595 T2-Patch, and MPNVRSWXX prior to Version NVR 5.6 Build 595 T2-Patch are vulnerable to an unsafe deserialization of untrusted data. An attacker may be able to remotely modify deserialized data without authentication using a specially crafted web request, resulting in remote code execution. | ||||
CVE-2020-27299 | 1 Honeywell | 1 Opc Ua Tunneller | 2024-11-21 | 9.1 Critical |
The affected product is vulnerable to an out-of-bounds read, which may allow an attacker to obtain and disclose sensitive data information or cause the device to crash on the OPC UA Tunneller (versions prior to 6.3.0.8233). | ||||
CVE-2020-27297 | 1 Honeywell | 1 Opc Ua Tunneller | 2024-11-21 | 9.8 Critical |
The affected product is vulnerable to a heap-based buffer overflow, which may allow an attacker to manipulate memory with controlled values and remotely execute code on the OPC UA Tunneller (versions prior to 6.3.0.8233). | ||||
CVE-2020-27295 | 1 Honeywell | 1 Opc Ua Tunneller | 2024-11-21 | 7.5 High |
The affected product has uncontrolled resource consumption issues, which may allow an attacker to cause a denial-of-service condition on the OPC UA Tunneller (versions prior to 6.3.0.8233). | ||||
CVE-2020-27274 | 1 Honeywell | 1 Opc Ua Tunneller | 2024-11-21 | 7.5 High |
Some parsing functions in the affected product do not check the return value of malloc and the thread handling the message is forced to close, which may lead to a denial-of-service condition on the OPC UA Tunneller (versions prior to 6.3.0.8233). | ||||
CVE-2020-10628 | 1 Honeywell | 4 Controledge Plc, Controledge Plc Firmware, Controledge Rtu and 1 more | 2024-11-21 | 7.5 High |
ControlEdge PLC (R130.2, R140, R150, and R151) and RTU (R101, R110, R140, R150, and R151) exposes unencrypted passwords on the network. | ||||
CVE-2020-10624 | 1 Honeywell | 4 Controledge Plc, Controledge Plc Firmware, Controledge Rtu and 1 more | 2024-11-21 | 7.5 High |
ControlEdge PLC (R130.2, R140, R150, and R151) and RTU (R101, R110, R140, R150, and R151) exposes a session token on the network. | ||||
CVE-2019-18230 | 1 Honeywell | 96 H2w2gr1, H2w2gr1 Firmware, H3w2gr1 and 93 more | 2024-11-21 | 7.5 High |
Honeywell equIP and Performance series IP cameras, multiple versions, A vulnerability exists where the affected product allows unauthenticated access to audio streaming over HTTP. | ||||
CVE-2019-18228 | 1 Honeywell | 50 H2w2gr1, H2w2gr1 Firmware, H2w2pc1m and 47 more | 2024-11-21 | 7.5 High |
Honeywell equIP series IP cameras Multiple equIP Series Cameras, A vulnerability exists in the affected products where a specially crafted HTTP packet request could result in a denial of service. |