Vulnerabilities (CVE)

Filtered by vendor Honeywell Subscribe
Total 87 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-3710 1 Honeywell 2 Pm43, Pm43 Firmware 2023-12-10 N/A 9.8 CRITICAL
Improper Input Validation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Command Injection.This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006).
CVE-2022-43485 1 Honeywell 2 Onewireless Network Wireless Device Manager, Onewireless Network Wireless Device Manager Firmware 2023-12-10 N/A 6.5 MEDIUM
Use of Insufficiently Random Values in Honeywell OneWireless. This vulnerability may allow attacker to manipulate claims in client's JWT token. This issue affects OneWireless version 322.1
CVE-2022-4240 1 Honeywell 2 Onewireless Network Wireless Device Manager, Onewireless Network Wireless Device Manager Firmware 2023-12-10 N/A 7.5 HIGH
Missing Authentication for Critical Function vulnerability in Honeywell OneWireless allows Authentication Bypass. This issue affects OneWireless version 322.1
CVE-2022-46361 1 Honeywell 2 Onewireless Network Wireless Device Manager, Onewireless Network Wireless Device Manager Firmware 2023-12-10 N/A 6.8 MEDIUM
An attacker having physical access to WDM can plug USB device to gain access and execute unwanted commands. A malicious user could enter a system command along with a backup configuration, which could result in the execution of unwanted commands. This issue affects OneWireless all versions up to 322.1 and fixed in version 322.2.
CVE-2022-30318 1 Honeywell 4 Controledge Plc, Controledge Plc Firmware, Controledge Rtu and 1 more 2023-12-10 N/A 9.8 CRITICAL
Honeywell ControlEdge through R151.1 uses Hard-coded Credentials. According to FSCT-2022-0056, there is a Honeywell ControlEdge hardcoded credentials issue. The affected components are characterized as: SSH. The potential impact is: Remote code execution, manipulate configuration, denial of service. The Honeywell ControlEdge PLC and RTU product line exposes an SSH service on port 22/TCP. Login as root to this service is permitted and credentials for the root user are hardcoded without automatically changing them upon first commissioning. The credentials for the SSH service are hardcoded in the firmware. The credentials grant an attacker access to a root shell on the PLC/RTU, allowing for remote code execution, configuration manipulation and denial of service.
CVE-2022-30312 1 Honeywell 10 Trend Iq411, Trend Iq411 Firmware, Trend Iq412 and 7 more 2023-12-10 N/A 6.5 MEDIUM
The Trend Controls IC protocol through 2022-05-06 allows Cleartext Transmission of Sensitive Information. According to FSCT-2022-0050, there is a Trend Controls Inter-Controller (IC) protocol cleartext transmission of credentials issue. The affected components are characterized as: Inter-Controller (IC) protocol (57612/UDP). The potential impact is: Compromise of credentials. Several Trend Controls building automation controllers utilize the Inter-Controller (IC) protocol in for information exchange and automation purposes. This protocol offers authentication in the form of a 4-digit PIN in order to protect access to sensitive operations like strategy uploads and downloads as well as optional 0-30 character username and password protection for web page access protection. Both the PIN and usernames and passwords are transmitted in cleartext, allowing an attacker with passive interception capabilities to obtain these credentials. Credentials are transmitted in cleartext. An attacker who obtains Trend IC credentials can carry out sensitive engineering actions such as manipulating controller strategy or configuration settings. If the credentials in question are (re)used for other applications, their compromise could potentially facilitate lateral movement.
CVE-2022-30244 1 Honeywell 2 Alerton Ascent Control Module, Alerton Ascent Control Module Firmware 2023-12-10 N/A 8.0 HIGH
Honeywell Alerton Ascent Control Module (ACM) through 2022-05-04 allows unauthenticated programming writes from remote users. This enables code to be store on the controller and then run without verification. A user with malicious intent can send a crafted packet to change and/or stop the program without the knowledge of other users, altering the controller's function. After the programming change, the program needs to be overwritten in order for the controller to restore its original operational function.
CVE-2021-38395 1 Honeywell 8 Application Control Environment, Application Control Environment Firmware, C200 and 5 more 2023-12-10 N/A 9.8 CRITICAL
Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to improper neutralization of special elements in output, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition.
CVE-2022-30315 1 Honeywell 2 Safety Manager, Safety Manager Firmware 2023-12-10 N/A 9.8 CRITICAL
Honeywell Experion PKS Safety Manager (SM and FSC) through 2022-05-06 has Insufficient Verification of Data Authenticity. According to FSCT-2022-0053, there is a Honeywell Experion PKS Safety Manager insufficient logic security controls issue. The affected components are characterized as: Honeywell FSC runtime (FSC-CPU, QPP), Honeywell Safety Builder. The potential impact is: Remote Code Execution, Denial of Service. The Honeywell Experion PKS Safety Manager family of safety controllers utilize the unauthenticated Safety Builder protocol (FSCT-2022-0051) for engineering purposes, including downloading projects and control logic to the controller. Control logic is downloaded to the controller on a block-by-block basis. The logic that is downloaded consists of FLD code compiled to native machine code for the CPU module (which applies to both the Safety Manager and FSC families). Since this logic does not seem to be cryptographically authenticated, it allows an attacker capable of triggering a logic download to execute arbitrary machine code on the controller's CPU module in the context of the runtime. While the researchers could not verify this in detail, the researchers believe that the microprocessor underpinning the FSC and Safety Manager CPU modules is incapable of offering memory protection or privilege separation capabilities which would give an attacker full control of the CPU module. There is no authentication on control logic downloaded to the controller. Memory protection and privilege separation capabilities for the runtime are possibly lacking. The researchers confirmed the issues in question on Safety Manager R145.1 and R152.2 but suspect the issue affects all FSC and SM controllers and associated Safety Builder versions regardless of software or firmware revision. An attacker who can communicate with a Safety Manager controller via the Safety Builder protocol can execute arbitrary code without restrictions on the CPU module, allowing for covert manipulation of control operations and implanting capabilities similar to the TRITON malware (MITRE ATT&CK software ID S1009). A mitigating factor with regards to some, but not all, of the above functionality is that these require the Safety Manager physical keyswitch to be in the right position.
CVE-2022-30243 1 Honeywell 2 Alterton Visual Logic, Alterton Visual Logic Firmware 2023-12-10 N/A 8.8 HIGH
Honeywell Alerton Visual Logic through 2022-05-04 allows unauthenticated programming writes from remote users. This enables code to be stored on the controller and then run without verification. A user with malicious intent can send a crafted packet to change and/or stop the program without the knowledge of other users, altering the controller's function. After the programming change, the program needs to be overwritten in order for the controller to restore its original operational function.
CVE-2022-30245 1 Honeywell 1 Alerton Compass 2023-12-10 N/A 6.5 MEDIUM
Honeywell Alerton Compass Software 1.6.5 allows unauthenticated configuration changes from remote users. This enables configuration data to be stored on the controller and then implemented. A user with malicious intent can send a crafted packet to change the controller configuration without the knowledge of other users, altering the controller's function capabilities. The changed configuration is not updated in the User Interface, which creates an inconsistency between the configuration display and the actual configuration on the controller. After the configuration change, remediation requires reverting to the correct configuration, requiring either physical or remote access depending on the configuration that was altered.
CVE-2021-38399 1 Honeywell 8 Application Control Environment, Application Control Environment Firmware, C200 and 5 more 2023-12-10 N/A 7.5 HIGH
Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to relative path traversal, which may allow an attacker access to unauthorized files and directories.
CVE-2021-38397 1 Honeywell 8 Application Control Environment, Application Control Environment Firmware, C200 and 5 more 2023-12-10 N/A 10.0 CRITICAL
Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to unrestricted file uploads, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition.
CVE-2022-30316 1 Honeywell 2 Safety Manager, Safety Manager Firmware 2023-12-10 N/A 6.8 MEDIUM
Honeywell Experion PKS Safety Manager 5.02 has Insufficient Verification of Data Authenticity. According to FSCT-2022-0054, there is a Honeywell Experion PKS Safety Manager unauthenticated firmware update issue. The affected components are characterized as: Firmware update functionality. The potential impact is: Firmware manipulation. The Honeywell Experion PKS Safety Manager utilizes the DCOM-232/485 communication FTA serial interface and Enea POLO bootloader for firmware management purposes. An engineering workstation running the Safety Builder software communicates via serial or serial-over-ethernet link with the DCOM-232/485 interface. Firmware images were found to have no authentication (in the form of firmware signing) and only relied on insecure checksums for regular integrity checks. Firmware images are unsigned. An attacker with access to the serial interface (either through physical access, a compromised EWS or an exposed serial-to-ethernet gateway) can utilize hardcoded credentials (see FSCT-2022-0052) for the POLO bootloader to control the boot process and push malicious firmware images to the controller allowing for firmware manipulation, remote code execution and denial of service impacts. A mitigating factor is that in order for a firmware update to be initiated, the Safety Manager has to be rebooted which is typically done by means of physical controls on the Safety Manager itself. As such, an attacker would have to either lay dormant until a legitimate reboot occurs or possibly attempt to force a reboot through a secondary vulnerability.
CVE-2022-2333 1 Honeywell 1 Softmaster 2023-12-10 N/A 7.8 HIGH
If an attacker manages to trick a valid user into loading a malicious DLL, the attacker may be able to achieve code execution in Honeywell SoftMaster version 4.51 application’s context and permissions.
CVE-2022-2332 1 Honeywell 1 Softmaster 2023-12-10 N/A 7.8 HIGH
A local unprivileged attacker may escalate to administrator privileges in Honeywell SoftMaster version 4.51, due to insecure permission assignment.
CVE-2022-30242 1 Honeywell 2 Alerton Ascent Control Module, Alerton Ascent Control Module Firmware 2023-12-10 N/A 6.8 MEDIUM
Honeywell Alerton Ascent Control Module (ACM) through 2022-05-04 allows unauthenticated configuration changes from remote users. This enables configuration data to be stored on the controller and then implemented. A user with malicious intent can send a crafted packet to change the controller configuration without the knowledge of other users, altering the controller's function capabilities. The changed configuration is not updated in the User Interface, which creates an inconsistency between the configuration display and the actual configuration on the controller. After the configuration change, remediation requires reverting to the correct configuration, requiring either physical or remote access depending on the configuration that was altered.
CVE-2021-39363 1 Honeywell 4 Hbw2per1, Hbw2per1 Firmware, Hdzp252di and 1 more 2023-12-10 7.5 HIGH 9.8 CRITICAL
Honeywell HDZP252DI 1.00.HW02.4 and HBW2PER1 1.000.HW01.3 devices allow a video replay attack after ARP cache poisoning has been achieved.
CVE-2022-1261 1 Honeywell 1 Matrikon Opc Server 2023-12-10 9.0 HIGH 8.8 HIGH
Matrikon, a subsidary of Honeywell Matrikon OPC Server (all versions) is vulnerable to a condition where a low privileged user allowed to connect to the OPC server to use the functions of the IPersisFile to execute operating system processes with system-level privileges.
CVE-2021-39364 1 Honeywell 4 Hbw2per1, Hbw2per1 Firmware, Hdzp252di and 1 more 2023-12-10 5.0 MEDIUM 7.5 HIGH
Honeywell HDZP252DI 1.00.HW02.4 and HBW2PER1 1.000.HW01.3 devices allow command spoofing (for camera control) after ARP cache poisoning has been achieved.