Vulnerabilities > Honeywell

DATE CVE VULNERABILITY TITLE RISK
2023-07-13 CVE-2023-22435 Out-of-bounds Write vulnerability in Honeywell products
Experion server may experience a DoS due to a stack overflow when handling a specially crafted message.
network
low complexity
honeywell CWE-787
7.5
2023-07-13 CVE-2023-23585 Out-of-bounds Write vulnerability in Honeywell products
Experion server DoS due to heap overflow occurring during the handling of a specially crafted message for a specific configuration operation.  See Honeywell Security Notification for recommendations on upgrading and versioning.
network
low complexity
honeywell CWE-787
7.5
2023-07-13 CVE-2023-24474 Out-of-bounds Write vulnerability in Honeywell products
Experion server may experience a DoS due to a heap overflow which could occur when handling a specially crafted message
network
low complexity
honeywell CWE-787
7.5
2023-07-13 CVE-2023-24480 Out-of-bounds Write vulnerability in Honeywell C300 Firmware
Controller DoS due to stack overflow when decoding a message from the server.  See Honeywell Security Notification for recommendations on upgrading and versioning.
network
low complexity
honeywell CWE-787
7.5
2023-07-13 CVE-2023-25078 Out-of-bounds Write vulnerability in Honeywell products
Server or Console Station DoS due to heap overflow occurring during the handling of a specially crafted message for a specific configuration operation.  See Honeywell Security Notification for recommendations on upgrading and versioning.
network
low complexity
honeywell CWE-787
7.5
2023-07-13 CVE-2023-25178 Insufficient Verification of Data Authenticity vulnerability in Honeywell C300 Firmware
Controller may be loaded with malicious firmware which could enable remote code execution. See Honeywell Security Notification for recommendations on upgrading and versioning.
network
low complexity
honeywell CWE-345
critical
9.8
2023-07-13 CVE-2023-25770 Deserialization of Untrusted Data vulnerability in Honeywell C300 Firmware
Controller DoS may occur due to buffer overflow when an error is generated in response to a specially crafted message. See Honeywell Security Notification for recommendations on upgrading and versioning.
network
low complexity
honeywell CWE-502
7.5
2023-06-28 CVE-2023-3243 Unspecified vulnerability in Honeywell Alerton Bcm-Web Firmware
** UNSUPPORTED WHEN ASSIGNED ** [An attacker can capture an authenticating hash and utilize it to create new sessions.
network
low complexity
honeywell
critical
9.8
2023-05-30 CVE-2022-43485 Use of Insufficiently Random Values vulnerability in Honeywell Onewireless Network Wireless Device Manager Firmware R322.1
Use of Insufficiently Random Values in Honeywell OneWireless.
network
low complexity
honeywell CWE-330
6.5
2023-05-30 CVE-2022-46361 OS Command Injection vulnerability in Honeywell Onewireless Network Wireless Device Manager Firmware R322.1
An attacker having physical access to WDM can plug USB device to gain access and execute unwanted commands.
low complexity
honeywell CWE-78
6.8