Vulnerabilities > Honeywell

DATE CVE VULNERABILITY TITLE RISK
2022-10-28 CVE-2021-38395 Injection vulnerability in Honeywell products
Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to improper neutralization of special elements in output, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition.
network
low complexity
honeywell CWE-74
critical
9.8
2022-10-28 CVE-2021-38397 Unrestricted Upload of File with Dangerous Type vulnerability in Honeywell products
Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to unrestricted file uploads, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition.
network
low complexity
honeywell CWE-434
critical
10.0
2022-10-28 CVE-2021-38399 Path Traversal vulnerability in Honeywell products
Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to relative path traversal, which may allow an attacker access to unauthorized files and directories.
network
low complexity
honeywell CWE-22
7.5
2022-05-26 CVE-2022-1261 Unspecified vulnerability in Honeywell Matrikon OPC Server
Matrikon, a subsidary of Honeywell Matrikon OPC Server (all versions) is vulnerable to a condition where a low privileged user allowed to connect to the OPC server to use the functions of the IPersisFile to execute operating system processes with system-level privileges.
network
low complexity
honeywell
critical
9.0
2022-02-24 CVE-2021-39363 Command Injection vulnerability in Honeywell Hbw2Per1 Firmware and Hdzp252Di Firmware
Honeywell HDZP252DI 1.00.HW02.4 and HBW2PER1 1.000.HW01.3 devices allow a video replay attack after ARP cache poisoning has been achieved.
network
low complexity
honeywell CWE-77
7.5
2022-02-24 CVE-2021-39364 Authentication Bypass by Capture-replay vulnerability in Honeywell Hbw2Per1 Firmware and Hdzp252Di Firmware
Honeywell HDZP252DI 1.00.HW02.4 and HBW2PER1 1.000.HW01.3 devices allow command spoofing (for camera control) after ARP cache poisoning has been achieved.
network
low complexity
honeywell CWE-294
5.0
2021-01-26 CVE-2020-27295 Resource Exhaustion vulnerability in Honeywell OPC UA Tunneller
The affected product has uncontrolled resource consumption issues, which may allow an attacker to cause a denial-of-service condition on the OPC UA Tunneller (versions prior to 6.3.0.8233).
network
low complexity
honeywell CWE-400
5.0
2021-01-26 CVE-2020-27299 Out-of-bounds Read vulnerability in Honeywell OPC UA Tunneller
The affected product is vulnerable to an out-of-bounds read, which may allow an attacker to obtain and disclose sensitive data information or cause the device to crash on the OPC UA Tunneller (versions prior to 6.3.0.8233).
network
low complexity
honeywell CWE-125
6.4
2021-01-26 CVE-2020-27297 Out-of-bounds Write vulnerability in Honeywell OPC UA Tunneller
The affected product is vulnerable to a heap-based buffer overflow, which may allow an attacker to manipulate memory with controlled values and remotely execute code on the OPC UA Tunneller (versions prior to 6.3.0.8233).
network
low complexity
honeywell CWE-787
7.5
2021-01-26 CVE-2020-27274 Improper Check for Unusual or Exceptional Conditions vulnerability in Honeywell OPC UA Tunneller
Some parsing functions in the affected product do not check the return value of malloc and the thread handling the message is forced to close, which may lead to a denial-of-service condition on the OPC UA Tunneller (versions prior to 6.3.0.8233).
network
low complexity
honeywell CWE-754
5.0