Filtered by vendor Honeywell
Subscribe
Total
87 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-9186 | 1 Honeywell | 1 Experion Process Knowledge System | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| A file inclusion vulnerability exists in the confd.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, which could lead to accepting an arbitrary file into the function, and potential information disclosure or remote code execution. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version. | |||||
| CVE-2014-9189 | 1 Honeywell | 1 Experion Process Knowledge System | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| Multiple stack-based buffer overflow vulnerabilities were found in Honeywell Experion PKS all versions prior to R400.6, all versions prior to R410.6, and all versions prior to R430.2 modules that could lead to possible remote code execution, dynamic memory corruption, or denial of service. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version. | |||||
| CVE-2014-5436 | 1 Honeywell | 1 Experion Process Knowledge System | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| A directory traversal vulnerability exists in the confd.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, which could lead to possible information disclosure. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version. | |||||
| CVE-2014-5435 | 1 Honeywell | 1 Experion Process Knowledge System | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| An arbitrary memory write vulnerability exists in the dual_onsrv.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, that could lead to possible remote code execution or denial of service. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version. | |||||
| CVE-2018-14825 | 2 Google, Honeywell | 15 Android, Ck75, Cn51 and 12 more | 2023-12-10 | 6.8 MEDIUM | 5.8 MEDIUM |
| On Honeywell Mobile Computers (CT60 running Android OS 7.1, CN80 running Android OS 7.1, CT40 running Android OS 7.1, CK75 running Android OS 6.0, CN75 running Android OS 6.0, CN75e running Android OS 6.0, CT50 running Android OS 6.0, D75e running Android OS 6.0, CT50 running Android OS 4.4, D75e running Android OS 4.4, CN51 running Android OS 6.0, EDA50k running Android 4.4, EDA50 running Android OS 7.1, EDA50k running Android OS 7.1, EDA70 running Android OS 7.1, EDA60k running Android OS 7.1, and EDA51 running Android OS 8.1), a skilled attacker with advanced knowledge of the target system could exploit this vulnerability by creating an application that would successfully bind to the service and gain elevated system privileges. This could enable the attacker to obtain access to keystrokes, passwords, personal identifiable information, photos, emails, or business-critical documents. | |||||
| CVE-2018-8714 | 1 Honeywell | 1 Matrikonopc Explorer | 2023-12-10 | 3.6 LOW | 6.1 MEDIUM |
| Honeywell MatrikonOPC OPC Controller before 5.1.0.0 allows local users to transfer arbitrary files from a host computer and consequently obtain sensitive information via vectors related to MSXML libraries. | |||||
| CVE-2017-14263 | 1 Honeywell | 14 Enterprise Dvr, Enterprise Dvr Firmware, Fusion Iv Rev C and 11 more | 2023-12-10 | 9.3 HIGH | 8.1 HIGH |
| Honeywell NVR devices allow remote attackers to create a user account in the admin group by leveraging access to a guest account to obtain a session ID, and then sending that session ID in a userManager.addUser request to the /RPC2 URI. The attacker can login to the device with that new user account to fully control the device. | |||||
| CVE-2016-8344 | 1 Honeywell | 1 Experion Process Knowledge System | 2023-12-10 | 4.3 MEDIUM | 3.7 LOW |
| An issue was discovered in Honeywell Experion Process Knowledge System (PKS) platform: Experion PKS, Release 3xx and prior, Experion PKS, Release 400, Experion PKS, Release 410, Experion PKS, Release 430, and Experion PKS, Release 431. Experion PKS does not properly validate input. By sending a specially crafted packet, an attacker could cause the process to terminate. A successful exploit would prevent firmware uploads to the Series-C devices. | |||||
| CVE-2017-5140 | 1 Honeywell | 1 Xl Web Ii Controller | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Password is stored in clear text. | |||||
| CVE-2017-5141 | 1 Honeywell | 1 Xl Web Ii Controller | 2023-12-10 | 6.5 MEDIUM | 6.0 MEDIUM |
| An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. An attacker can establish a new user session, without invalidating any existing session identifier, which gives the opportunity to steal authenticated sessions (SESSION FIXATION). | |||||
| CVE-2017-5671 | 1 Honeywell | 14 Intermec Pc23, Intermec Pc23 Firmware, Intermec Pc42 and 11 more | 2023-12-10 | 7.2 HIGH | 8.8 HIGH |
| Honeywell Intermec PM23, PM42, PM43, PC23, PC43, PD43, and PC42 industrial printers before 10.11.013310 and 10.12.x before 10.12.013309 have /usr/bin/lua installed setuid to the itadmin account, which allows local users to conduct a BusyBox jailbreak attack and obtain root privileges by overwriting the /etc/shadow file. | |||||
| CVE-2017-5139 | 1 Honeywell | 1 Xl Web Ii Controller | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Any user is able to disclose a password by accessing a specific URL, because of Plaintext Storage of a Password. | |||||
| CVE-2017-5143 | 1 Honeywell | 1 Xl Web Ii Controller | 2023-12-10 | 7.5 HIGH | 8.6 HIGH |
| An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. A user without authenticating can make a directory traversal attack by accessing a specific URL. | |||||
| CVE-2017-5142 | 1 Honeywell | 1 Xl Web Ii Controller | 2023-12-10 | 6.5 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. A user with low privileges is able to open and change the parameters by accessing a specific URL because of Improper Privilege Management. | |||||
| CVE-2015-2848 | 1 Honeywell | 1 Tuxedo Touch | 2023-12-10 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Honeywell Tuxedo Touch before 5.2.19.0_VA allows remote attackers to hijack the authentication of arbitrary users for requests associated with home-automation commands, as demonstrated by a door-unlock command. | |||||
| CVE-2016-2280 | 1 Honeywell | 1 Uniformance Process History Database | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
| Buffer overflow in RDISERVER in Honeywell Uniformance Process History Database (PHD) R310, R320, and R321 allows remote attackers to cause a denial of service (service outage) via unspecified vectors. | |||||
| CVE-2015-7908 | 1 Honeywell | 4 Midas, Midas Black, Midas Black Firmware and 1 more | 2023-12-10 | 9.3 HIGH | N/A |
| Honeywell Midas gas detectors before 1.13b3 and Midas Black gas detectors before 2.13b3 allow remote attackers to discover cleartext passwords by sniffing the network. | |||||
| CVE-2015-2847 | 1 Honeywell | 1 Tuxedo Touch | 2023-12-10 | 5.0 MEDIUM | N/A |
| Honeywell Tuxedo Touch before 5.2.19.0_VA relies on client-side authentication involving JavaScript, which allows remote attackers to bypass intended access restrictions by removing USERACCT requests from the client-server data stream. | |||||
| CVE-2015-7907 | 1 Honeywell | 2 Midas Black Firmware, Midas Firmware | 2023-12-10 | 6.4 MEDIUM | 8.6 HIGH |
| Directory traversal vulnerability in the web server on Honeywell Midas gas detectors before 1.13b3 and Midas Black gas detectors before 2.13b3 allows remote attackers to bypass authentication, and write to a configuration file or trigger a calibration or test, via unspecified vectors. | |||||
| CVE-2015-0984 | 1 Honeywell | 8 Excel Web Xl 1000c1000 600 I\/o, Excel Web Xl 1000c1000 600 I\/o Uukl, Excel Web Xl 1000c100 104 I\/o and 5 more | 2023-12-10 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in the FTP server on Honeywell Excel Web XL1000C50 52 I/O, XL1000C100 104 I/O, XL1000C500 300 I/O, XL1000C1000 600 I/O, XL1000C50U 52 I/O UUKL, XL1000C100U 104 I/O UUKL, XL1000C500U 300 I/O UUKL, and XL1000C1000U 600 I/O UUKL controllers before 2.04.01 allows remote attackers to read files under the web root, and consequently obtain administrative login access, via a crafted pathname. | |||||