Vulnerabilities (CVE)

Filtered by vendor Honeywell Subscribe
Total 87 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-27297 1 Honeywell 1 Opc Ua Tunneller 2023-12-10 7.5 HIGH 9.8 CRITICAL
The affected product is vulnerable to a heap-based buffer overflow, which may allow an attacker to manipulate memory with controlled values and remotely execute code on the OPC UA Tunneller (versions prior to 6.3.0.8233).
CVE-2020-27295 1 Honeywell 1 Opc Ua Tunneller 2023-12-10 5.0 MEDIUM 7.5 HIGH
The affected product has uncontrolled resource consumption issues, which may allow an attacker to cause a denial-of-service condition on the OPC UA Tunneller (versions prior to 6.3.0.8233).
CVE-2020-27274 1 Honeywell 1 Opc Ua Tunneller 2023-12-10 5.0 MEDIUM 7.5 HIGH
Some parsing functions in the affected product do not check the return value of malloc and the thread handling the message is forced to close, which may lead to a denial-of-service condition on the OPC UA Tunneller (versions prior to 6.3.0.8233).
CVE-2020-27299 1 Honeywell 1 Opc Ua Tunneller 2023-12-10 6.4 MEDIUM 9.1 CRITICAL
The affected product is vulnerable to an out-of-bounds read, which may allow an attacker to obtain and disclose sensitive data information or cause the device to crash on the OPC UA Tunneller (versions prior to 6.3.0.8233).
CVE-2020-6982 1 Honeywell 1 Win-pak 2023-12-10 5.8 MEDIUM 8.8 HIGH
In Honeywell WIN-PAK 4.7.2, Web and prior versions, the header injection vulnerability has been identified, which may allow remote code execution.
CVE-2020-6974 1 Honeywell 1 Notifier Webserver 2023-12-10 7.5 HIGH 9.8 CRITICAL
Honeywell Notifier Web Server (NWS) Version 3.50 is vulnerable to a path traversal attack, which allows an attacker to bypass access to restricted directories. Honeywell has released a firmware update to address the problem.
CVE-2020-6972 1 Honeywell 1 Notifier Webserver 2023-12-10 6.4 MEDIUM 9.1 CRITICAL
In Notifier Web Server (NWS) Version 3.50 and earlier, the Honeywell Fire Web Server’s authentication may be bypassed by a capture-replay attack from a web browser.
CVE-2020-6978 1 Honeywell 1 Win-pak 2023-12-10 6.4 MEDIUM 7.2 HIGH
In Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected product is vulnerable due to the usage of old jQuery libraries.
CVE-2020-10624 1 Honeywell 4 Controledge Plc, Controledge Plc Firmware, Controledge Rtu and 1 more 2023-12-10 5.0 MEDIUM 7.5 HIGH
ControlEdge PLC (R130.2, R140, R150, and R151) and RTU (R101, R110, R140, R150, and R151) exposes a session token on the network.
CVE-2020-10628 1 Honeywell 4 Controledge Plc, Controledge Plc Firmware, Controledge Rtu and 1 more 2023-12-10 5.0 MEDIUM 7.5 HIGH
ControlEdge PLC (R130.2, R140, R150, and R151) and RTU (R101, R110, R140, R150, and R151) exposes unencrypted passwords on the network.
CVE-2020-7005 1 Honeywell 1 Win-pak 2023-12-10 6.8 MEDIUM 8.8 HIGH
In Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected product is vulnerable to a cross-site request forgery, which may allow an attacker to remotely execute arbitrary code.
CVE-2020-6960 1 Honeywell 12 Hnmswvms, Hnmswvms Firmware, Hnmswvmslt and 9 more 2023-12-10 7.5 HIGH 9.8 CRITICAL
The following versions of MAXPRO VMS and NVR, MAXPRO VMS:HNMSWVMS prior to Version VMS560 Build 595 T2-Patch, HNMSWVMSLT prior to Version VMS560 Build 595 T2-Patch, MAXPRO NVR: MAXPRO NVR XE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR SE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR PE prior to Version NVR 5.6 Build 595 T2-Patch, and MPNVRSWXX prior to Version NVR 5.6 Build 595 T2-Patch contain an SQL injection vulnerability that could give an attacker remote unauthenticated access to the web user interface with administrator-level privileges.
CVE-2019-13525 1 Honeywell 2 Ip-ak2, Ip-ak2 Firmware 2023-12-10 5.0 MEDIUM 5.3 MEDIUM
In IP-AK2 Access Control Panel Version 1.04.07 and prior, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data, which can be accessed without authentication over the network.
CVE-2020-6959 1 Honeywell 12 Hnmswvms, Hnmswvms Firmware, Hnmswvmslt and 9 more 2023-12-10 7.5 HIGH 9.8 CRITICAL
The following versions of MAXPRO VMS and NVR, MAXPRO VMS:HNMSWVMS prior to Version VMS560 Build 595 T2-Patch, HNMSWVMSLT prior to Version VMS560 Build 595 T2-Patch, MAXPRO NVR: MAXPRO NVR XE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR SE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR PE prior to Version NVR 5.6 Build 595 T2-Patch, and MPNVRSWXX prior to Version NVR 5.6 Build 595 T2-Patch are vulnerable to an unsafe deserialization of untrusted data. An attacker may be able to remotely modify deserialized data without authentication using a specially crafted web request, resulting in remote code execution.
CVE-2019-13523 1 Honeywell 118 H2w2pc1m, H2w2pc1m Firmware, H2w2per3 and 115 more 2023-12-10 5.0 MEDIUM 5.3 MEDIUM
In Honeywell Performance IP Cameras and Performance NVRs, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data in JSON format for IP cameras and NVRs (Network Video Recorders), which can be accessed without authentication over the network. Affected performance IP Cameras: HBD3PR2,H4D3PRV3,HED3PR3,H4D3PRV2,HBD3PR1,H4W8PR2,HBW8PR2,H2W2PC1M,H2W4PER3,H2W2PER3,HEW2PER3,HEW4PER3B,HBW2PER1,HEW4PER2,HEW4PER2B,HEW2PER2,H4W2PER2,HBW2PER2,H4W2PER3, and HPW2P1. Affected Performance Series NVRs: HEN08104,HEN08144,HEN081124,HEN16104,HEN16144,HEN16184,HEN16204,HEN162244,HEN16284,HEN16304,HEN16384,HEN32104,HEN321124,HEN32204,HEN32284,HEN322164,HEN32304, HEN32384,HEN323164,HEN64204,HEN64304,HEN643164,HEN643324,HEN643484,HEN04103,HEN04113,HEN04123,HEN08103,HEN08113,HEN08123,HEN08143,HEN16103,HEN16123,HEN16143,HEN16163,HEN04103L,HEN08103L,HEN16103L,HEN32103L.
CVE-2019-18230 1 Honeywell 96 H2w2gr1, H2w2gr1 Firmware, H3w2gr1 and 93 more 2023-12-10 5.0 MEDIUM 7.5 HIGH
Honeywell equIP and Performance series IP cameras, multiple versions, A vulnerability exists where the affected product allows unauthenticated access to audio streaming over HTTP.
CVE-2019-18226 1 Honeywell 128 H2w2gr1, H2w2gr1 Firmware, H2w2pc1m and 125 more 2023-12-10 7.5 HIGH 9.8 CRITICAL
Honeywell equIP series and Performance series IP cameras and recorders, A vulnerability exists in the affected products where IP cameras and recorders have a potential replay attack vulnerability as a weak authentication method is retained for compatibility with legacy products.
CVE-2020-6968 1 Honeywell 2 Inncom Inncontrol, Inncom Inncontrol Firmware 2023-12-10 4.6 MEDIUM 7.8 HIGH
Honeywell INNCOM INNControl 3 allows workstation users to escalate application user privileges through the modification of local configuration files.
CVE-2019-18228 1 Honeywell 50 H2w2gr1, H2w2gr1 Firmware, H2w2pc1m and 47 more 2023-12-10 5.0 MEDIUM 7.5 HIGH
Honeywell equIP series IP cameras Multiple equIP Series Cameras, A vulnerability exists in the affected products where a specially crafted HTTP packet request could result in a denial of service.
CVE-2014-9187 1 Honeywell 1 Experion Process Knowledge System 2023-12-10 7.5 HIGH 9.8 CRITICAL
Multiple heap-based buffer overflow vulnerabilities exist in Honeywell Experion PKS all versions prior to R400.6, all versions prior to R410.6, and all versions prior to R430.2 modules, which could lead to possible remote code execution or denial of service. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version.