Vulnerabilities > Honeywell
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-31 | CVE-2023-5390 | Path Traversal vulnerability in Honeywell products An attacker could potentially exploit this vulnerability, leading to files being read from the Honeywell Experion ControlEdge VirtualUOC and ControlEdge UOC. | 5.3 |
| 2024-01-30 | CVE-2023-5389 | Unspecified vulnerability in Honeywell products An attacker could potentially exploit this vulnerability, leading to the ability to modify files on Honeywell Experion ControlEdge VirtualUOC and ControlEdge UOC . | 7.5 |
| 2023-11-17 | CVE-2023-6179 | Incorrect Permission Assignment for Critical Resource vulnerability in Honeywell Prowatch 4.5 Honeywell ProWatch, 4.5, including all Service Pack versions, contain a Vulnerability in Application Server's executable folder(s). | 7.8 |
| 2023-09-12 | CVE-2023-3710 | Command Injection vulnerability in Honeywell Pm43 Firmware Improper Input Validation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Command Injection.This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. | 9.8 |
| 2023-09-12 | CVE-2023-3711 | Session Fixation vulnerability in Honeywell Pm43 Firmware Session Fixation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Session Credential Falsification through Prediction.This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. | 8.8 |
| 2023-09-12 | CVE-2023-3712 | Files or Directories Accessible to External Parties vulnerability in Honeywell Pm43 Firmware Files or Directories Accessible to External Parties vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Privilege Escalation.This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. | 7.8 |
| 2023-07-13 | CVE-2023-25948 | Information Exposure Through an Error Message vulnerability in Honeywell products Server information leak of configuration data when an error is generated in response to a specially crafted message. See Honeywell Security Notification for recommendations on upgrading and versioning. | 7.5 |
| 2023-07-13 | CVE-2023-26597 | Out-of-bounds Write vulnerability in Honeywell C300 Firmware Controller DoS due to buffer overflow in the handling of a specially crafted message received by the controller. See Honeywell Security Notification for recommendations on upgrading and versioning. See Honeywell Security Notification for recommendations on upgrading and versioning. | 7.5 |
| 2023-07-13 | CVE-2023-22435 | Out-of-bounds Write vulnerability in Honeywell products Experion server may experience a DoS due to a stack overflow when handling a specially crafted message. | 7.5 |
| 2023-07-13 | CVE-2023-23585 | Out-of-bounds Write vulnerability in Honeywell products Experion server DoS due to heap overflow occurring during the handling of a specially crafted message for a specific configuration operation. See Honeywell Security Notification for recommendations on upgrading and versioning. | 7.5 |