Vulnerabilities > Honeywell

DATE CVE VULNERABILITY TITLE RISK
2022-02-24 CVE-2021-39364 Authentication Bypass by Capture-replay vulnerability in Honeywell Hbw2Per1 Firmware and Hdzp252Di Firmware
Honeywell HDZP252DI 1.00.HW02.4 and HBW2PER1 1.000.HW01.3 devices allow command spoofing (for camera control) after ARP cache poisoning has been achieved.
network
low complexity
honeywell CWE-294
7.5
2021-01-26 CVE-2020-27295 Resource Exhaustion vulnerability in Honeywell OPC UA Tunneller
The affected product has uncontrolled resource consumption issues, which may allow an attacker to cause a denial-of-service condition on the OPC UA Tunneller (versions prior to 6.3.0.8233).
network
low complexity
honeywell CWE-400
7.5
2021-01-26 CVE-2020-27299 Out-of-bounds Read vulnerability in Honeywell OPC UA Tunneller
The affected product is vulnerable to an out-of-bounds read, which may allow an attacker to obtain and disclose sensitive information or cause the device to crash on the OPC UA Tunneller (versions prior to 6.3.0.8233).
network
low complexity
honeywell CWE-125
critical
9.1
2021-01-26 CVE-2020-27297 Out-of-bounds Write vulnerability in Honeywell OPC UA Tunneller
The affected product is vulnerable to a heap-based buffer overflow, which may allow an attacker to manipulate memory with controlled values and remotely execute code on the OPC UA Tunneller (versions prior to 6.3.0.8233).
network
low complexity
honeywell CWE-787
critical
9.8
2021-01-26 CVE-2020-27274 Improper Check for Unusual or Exceptional Conditions vulnerability in Honeywell OPC UA Tunneller
Some parsing functions in the affected product do not check the return value of malloc and the thread handling the message is forced to close, which may lead to a denial-of-service condition on the OPC UA Tunneller (versions prior to 6.3.0.8233).
network
low complexity
honeywell CWE-754
7.5
2020-06-26 CVE-2020-10628 Cleartext Transmission of Sensitive Information vulnerability in Honeywell Controledge PLC Firmware and Controledge RTU Firmware
ControlEdge PLC (R130.2, R140, R150, and R151) and RTU (R101, R110, R140, R150, and R151) expose unencrypted passwords on the network.
network
low complexity
honeywell CWE-319
7.5
2020-06-26 CVE-2020-10624 Cleartext Transmission of Sensitive Information vulnerability in Honeywell Controledge PLC Firmware and Controledge RTU Firmware
ControlEdge PLC (R130.2, R140, R150, and R151) and RTU (R101, R110, R140, R150, and R151) expose a session token on the network.
network
low complexity
honeywell CWE-319
7.5
2020-04-07 CVE-2020-6974 Path Traversal vulnerability in Honeywell Notifier Webserver 3.50
Honeywell Notifier Web Server (NWS) Version 3.50 is vulnerable to a path traversal attack, which allows an attacker to bypass access to restricted directories.
network
low complexity
honeywell CWE-22
critical
9.8
2020-03-24 CVE-2020-6982 Injection vulnerability in Honeywell Win-Pak 4.7.2
In Honeywell WIN-PAK 4.7.2, Web and prior versions, a header injection vulnerability has been identified, which may allow remote code execution.
low complexity
honeywell CWE-74
8.8
2020-03-24 CVE-2020-6978 Unspecified vulnerability in Honeywell Win-Pak 4.7.2
In Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected product is vulnerable due to the usage of old jQuery libraries.
network
low complexity
honeywell
7.2