Vulnerabilities > Honeywell
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-07-28 | CVE-2022-30319 | Authentication Bypass by Spoofing vulnerability in Honeywell Saia PG5 Controls Suite Saia Burgess Controls (SBC) PCD through 2022-05-06 allows Authentication bypass. | 8.1 |
| 2022-07-28 | CVE-2022-30320 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Honeywell Saia PG5 Controls Suite Saia Burgess Controls (SBC) PCD through 2022-05-06 uses a Broken or Risky Cryptographic Algorithm. | 4.3 |
| 2022-07-15 | CVE-2022-30242 | Unspecified vulnerability in Honeywell Alerton Ascent Control Module Firmware Honeywell Alerton Ascent Control Module (ACM) through 2022-05-04 allows unauthenticated configuration changes from remote users. | 6.8 |
| 2022-07-15 | CVE-2022-30243 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Honeywell Alterton Visual Logic Firmware Honeywell Alerton Visual Logic through 2022-05-04 allows unauthenticated programming writes from remote users. | 8.8 |
| 2022-07-15 | CVE-2022-30244 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Honeywell Alerton Ascent Control Module Firmware Honeywell Alerton Ascent Control Module (ACM) through 2022-05-04 allows unauthenticated programming writes from remote users. | 8.0 |
| 2022-07-15 | CVE-2022-30245 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Honeywell Alerton Compass 1.6.5 Honeywell Alerton Compass Software 1.6.5 allows unauthenticated configuration changes from remote users. | 6.5 |
| 2022-05-26 | CVE-2022-1261 | Unspecified vulnerability in Honeywell Matrikon OPC Server Matrikon, a subsidary of Honeywell Matrikon OPC Server (all versions) is vulnerable to a condition where a low privileged user allowed to connect to the OPC server to use the functions of the IPersisFile to execute operating system processes with system-level privileges. | 8.8 |
| 2022-02-24 | CVE-2021-39363 | Command Injection vulnerability in Honeywell Hbw2Per1 Firmware and Hdzp252Di Firmware Honeywell HDZP252DI 1.00.HW02.4 and HBW2PER1 1.000.HW01.3 devices allow a video replay attack after ARP cache poisoning has been achieved. | 9.8 |
| 2022-02-24 | CVE-2021-39364 | Authentication Bypass by Capture-replay vulnerability in Honeywell Hbw2Per1 Firmware and Hdzp252Di Firmware Honeywell HDZP252DI 1.00.HW02.4 and HBW2PER1 1.000.HW01.3 devices allow command spoofing (for camera control) after ARP cache poisoning has been achieved. | 7.5 |
| 2021-01-26 | CVE-2020-27295 | Resource Exhaustion vulnerability in Honeywell OPC UA Tunneller The affected product has uncontrolled resource consumption issues, which may allow an attacker to cause a denial-of-service condition on the OPC UA Tunneller (versions prior to 6.3.0.8233). | 7.5 |