Filtered by vendor Honeywell
Subscriptions
Filtered by product Tuxedo Touch
Subscriptions
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-2847 | 1 Honeywell | 1 Tuxedo Touch | 2024-08-06 | N/A |
| Honeywell Tuxedo Touch before 5.2.19.0_VA relies on client-side authentication involving JavaScript, which allows remote attackers to bypass intended access restrictions by removing USERACCT requests from the client-server data stream. | ||||
| CVE-2015-2848 | 1 Honeywell | 1 Tuxedo Touch | 2024-08-06 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Honeywell Tuxedo Touch before 5.2.19.0_VA allows remote attackers to hijack the authentication of arbitrary users for requests associated with home-automation commands, as demonstrated by a door-unlock command. | ||||
Page 1 of 1.