Honeywell OneWireless Wireless Device Manager (WDM) versions R310.x, R320.x, R321.x, R322.1, R322.2, R323.x and R330.1 contain a command injection vulnerability. An authenticated attacker could potentially exploit the vulnerability through the firmware update process, leading to command injection. Honeywell recommends updating to R322.3, R330.2 or the most recent version of this product.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Tue, 18 Feb 2025 19:45:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H'}


Thu, 06 Feb 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 06 Feb 2025 14:30:00 +0000

Type Values Removed Values Added
Description Honeywell OneWireless Wireless Device Manager (WDM) for the following versions R310.x, R320.x, R321.x, R322.1, R322.2, R323.x, R330.1 contains a command injection vulnerability. An attacker who is authenticated could use the firmware update process to potentially exploit the vulnerability, leading to a command injection. Honeywell recommends updating to R322.3, R330.2 or the most recent version of this product2.
Title OneWireless command injection possible when updating firmware
Weaknesses CWE-77
References
Metrics cvssV4_0

{'score': 9.4, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}


MITRE

Status: PUBLISHED

Assigner: Honeywell

Published:

Updated: 2025-02-18T18:13:44.990Z

Reserved: 2023-10-31T13:16:00.514Z

Link: CVE-2023-5878

Vulnrichment

Updated: 2025-02-06T14:29:17.022Z

NVD

Status: Awaiting Analysis

Published: 2025-02-06T15:15:12.440

Modified: 2025-02-18T19:15:11.780

Link: CVE-2023-5878

Redhat

No data.

OpenCVE Enrichment

Updated: 2025-07-13T21:06:46Z