Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Honeywell MB-Secure allows Privilege Abuse. This issue affects MB-Secure: from V11.04 before V12.53 and MB-Secure PRO from V01.06 before V03.09. Honeywell also recommends updating to the most recent version of this product.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Sat, 17 May 2025 06:45:00 +0000

Type Values Removed Values Added
References

Wed, 07 May 2025 17:15:00 +0000

Type Values Removed Values Added
First Time appeared Honeywell
Honeywell mb-secure
Honeywell mb-secure Firmware
Honeywell mb-secure Pro
Honeywell mb-secure Pro Firmware
CPEs cpe:2.3:h:honeywell:mb-secure:-:*:*:*:*:*:*:*
cpe:2.3:h:honeywell:mb-secure_pro:-:*:*:*:*:*:*:*
cpe:2.3:o:honeywell:mb-secure_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:honeywell:mb-secure_pro_firmware:*:*:*:*:*:*:*:*
Vendors & Products Honeywell
Honeywell mb-secure
Honeywell mb-secure Firmware
Honeywell mb-secure Pro
Honeywell mb-secure Pro Firmware

Fri, 02 May 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 02 May 2025 13:00:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Honeywell MB-Secure allows Privilege Abuse. This issue affects MB-Secure: from V11.04 before V12.53 and MB-Secure PRO from V01.06 before V03.09. Honeywell also recommends updating to the most recent version of this product.
Title Authenticated command injection
Weaknesses CWE-78
References
Metrics cvssV3_1

{'score': 9.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: Honeywell

Published:

Updated: 2025-05-17T06:03:36.347Z

Reserved: 2025-03-21T13:18:29.509Z

Link: CVE-2025-2605

Vulnrichment

Updated: 2025-05-17T06:03:36.347Z

NVD

Status: Modified

Published: 2025-05-02T13:15:46.440

Modified: 2025-05-17T06:15:18.303

Link: CVE-2025-2605

Redhat

No data.

OpenCVE Enrichment

No data.