Vulnerabilities > Honeywell
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-01-26 | CVE-2020-27299 | Out-of-bounds Read vulnerability in Honeywell OPC UA Tunneller The affected product is vulnerable to an out-of-bounds read, which may allow an attacker to obtain and disclose sensitive data information or cause the device to crash on the OPC UA Tunneller (versions prior to 6.3.0.8233). | 9.1 |
| 2021-01-26 | CVE-2020-27297 | Out-of-bounds Write vulnerability in Honeywell OPC UA Tunneller The affected product is vulnerable to a heap-based buffer overflow, which may allow an attacker to manipulate memory with controlled values and remotely execute code on the OPC UA Tunneller (versions prior to 6.3.0.8233). | 9.8 |
| 2021-01-26 | CVE-2020-27274 | Improper Check for Unusual or Exceptional Conditions vulnerability in Honeywell OPC UA Tunneller Some parsing functions in the affected product do not check the return value of malloc and the thread handling the message is forced to close, which may lead to a denial-of-service condition on the OPC UA Tunneller (versions prior to 6.3.0.8233). | 7.5 |
| 2020-06-26 | CVE-2020-10628 | Cleartext Transmission of Sensitive Information vulnerability in Honeywell Controledge PLC Firmware and Controledge RTU Firmware ControlEdge PLC (R130.2, R140, R150, and R151) and RTU (R101, R110, R140, R150, and R151) exposes unencrypted passwords on the network. | 7.5 |
| 2020-06-26 | CVE-2020-10624 | Cleartext Transmission of Sensitive Information vulnerability in Honeywell Controledge PLC Firmware and Controledge RTU Firmware ControlEdge PLC (R130.2, R140, R150, and R151) and RTU (R101, R110, R140, R150, and R151) exposes a session token on the network. | 7.5 |
| 2020-04-07 | CVE-2020-6974 | Path Traversal vulnerability in Honeywell Notifier Webserver 3.50 Honeywell Notifier Web Server (NWS) Version 3.50 is vulnerable to a path traversal attack, which allows an attacker to bypass access to restricted directories. | 9.8 |
| 2020-03-24 | CVE-2020-6982 | Injection vulnerability in Honeywell Win-Pak 4.7.2 In Honeywell WIN-PAK 4.7.2, Web and prior versions, the header injection vulnerability has been identified, which may allow remote code execution. | 8.8 |
| 2020-03-24 | CVE-2020-6978 | Unspecified vulnerability in Honeywell Win-Pak 4.7.2 In Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected product is vulnerable due to the usage of old jQuery libraries. | 7.2 |
| 2020-03-24 | CVE-2020-7005 | Cross-Site Request Forgery (CSRF) vulnerability in Honeywell Win-Pak 4.7.2 In Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected product is vulnerable to a cross-site request forgery, which may allow an attacker to remotely execute arbitrary code. | 8.8 |
| 2020-03-24 | CVE-2020-6972 | Authentication Bypass by Capture-replay vulnerability in Honeywell Notifier Webserver 3.50 In Notifier Web Server (NWS) Version 3.50 and earlier, the Honeywell Fire Web Server’s authentication may be bypassed by a capture-replay attack from a web browser. | 9.1 |