Vulnerabilities > Honeywell
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-13 | CVE-2023-24474 | Out-of-bounds Write vulnerability in Honeywell products Experion server may experience a DoS due to a heap overflow which could occur when handling a specially crafted message | 7.5 |
| 2023-07-13 | CVE-2023-24480 | Out-of-bounds Write vulnerability in Honeywell C300 Firmware Controller DoS due to stack overflow when decoding a message from the server. See Honeywell Security Notification for recommendations on upgrading and versioning. | 7.5 |
| 2023-07-13 | CVE-2023-25078 | Out-of-bounds Write vulnerability in Honeywell products Server or Console Station DoS due to heap overflow occurring during the handling of a specially crafted message for a specific configuration operation. See Honeywell Security Notification for recommendations on upgrading and versioning. | 7.5 |
| 2023-07-13 | CVE-2023-25178 | Insufficient Verification of Data Authenticity vulnerability in Honeywell C300 Firmware Controller may be loaded with malicious firmware which could enable remote code execution. See Honeywell Security Notification for recommendations on upgrading and versioning. | 9.8 |
| 2023-07-13 | CVE-2023-25770 | Deserialization of Untrusted Data vulnerability in Honeywell C300 Firmware Controller DoS may occur due to buffer overflow when an error is generated in response to a specially crafted message. See Honeywell Security Notification for recommendations on upgrading and versioning. | 7.5 |
| 2023-06-28 | CVE-2023-3243 | Unspecified vulnerability in Honeywell Alerton Bcm-Web Firmware ** UNSUPPORTED WHEN ASSIGNED ** [An attacker can capture an authenticating hash and utilize it to create new sessions. | 9.8 |
| 2023-05-30 | CVE-2022-43485 | Use of Insufficiently Random Values vulnerability in Honeywell Onewireless Network Wireless Device Manager Firmware Use of Insufficiently Random Values in Honeywell OneWireless. | 6.5 |
| 2023-05-30 | CVE-2022-46361 | OS Command Injection vulnerability in Honeywell Onewireless Network Wireless Device Manager Firmware An attacker having physical access to WDM can plug USB device to gain access and execute unwanted commands. | 6.8 |
| 2023-05-30 | CVE-2022-4240 | Missing Authentication for Critical Function vulnerability in Honeywell Onewireless Network Wireless Device Manager Firmware Missing Authentication for Critical Function vulnerability in Honeywell OneWireless allows Authentication Bypass. This issue affects OneWireless version 322.1 | 7.5 |
| 2022-10-28 | CVE-2021-38395 | Injection vulnerability in Honeywell products Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to improper neutralization of special elements in output, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition. | 9.8 |