Vulnerabilities > Honeywell
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-07-13 | CVE-2023-24480 | Out-of-bounds Write vulnerability in Honeywell C300 Firmware: Controller DoS due to stack overflow when decoding a message from the server. See Honeywell Security Notification for recommendations on upgrading and versioning. | 7.5 |
2023-07-13 | CVE-2023-25078 | Out-of-bounds Write vulnerability in Honeywell products: Server or Console Station DoS due to heap overflow occurring during the handling of a specially crafted message for a specific configuration operation. See Honeywell Security Notification for recommendations on upgrading and versioning. | 7.5 |
2023-07-13 | CVE-2023-25178 | Insufficient Verification of Data Authenticity vulnerability in Honeywell C300 Firmware: Controller may be loaded with malicious firmware which could enable remote code execution. See Honeywell Security Notification for recommendations on upgrading and versioning. | 9.8 |
2023-07-13 | CVE-2023-25770 | Deserialization of Untrusted Data vulnerability in Honeywell C300 Firmware: Controller DoS may occur due to buffer overflow when an error is generated in response to a specially crafted message. See Honeywell Security Notification for recommendations on upgrading and versioning. | 7.5 |
2023-06-28 | CVE-2023-3243 | Unspecified vulnerability in Honeywell Alerton Bcm-Web Firmware: ** UNSUPPORTED WHEN ASSIGNED ** An attacker can capture an authenticating hash and utilize it to create new sessions. | 9.8 |
2023-05-30 | CVE-2022-43485 | Use of Insufficiently Random Values vulnerability in Honeywell Onewireless Network Wireless Device Manager Firmware R322.1: Use of Insufficiently Random Values in Honeywell OneWireless. | 6.5 |
2023-05-30 | CVE-2022-46361 | OS Command Injection vulnerability in Honeywell Onewireless Network Wireless Device Manager Firmware R322.1: An attacker with physical access to the WDM can plug in a USB device to gain access and execute unwanted commands. | 6.8 |
2023-05-30 | CVE-2022-4240 | Missing Authentication for Critical Function vulnerability in Honeywell Onewireless Network Wireless Device Manager Firmware R322.1: Missing Authentication for Critical Function vulnerability in Honeywell OneWireless allows Authentication Bypass. This issue affects OneWireless version 322.1. | 7.5 |
2022-10-28 | CVE-2021-38395 | Injection vulnerability in Honeywell products: Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to improper neutralization of special elements in output, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition. | 9.8 |
2022-10-28 | CVE-2021-38397 | Unrestricted Upload of File with Dangerous Type vulnerability in Honeywell products: Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to unrestricted file uploads, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition. | 10.0 |