Vulnerabilities > Honeywell
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-04-08 | CVE-2014-9186 | Improper Input Validation vulnerability in Honeywell Experion Process Knowledge System R400/R410/R430 A file inclusion vulnerability exists in the confd.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, which could lead to accepting an arbitrary file into the function, and potential information disclosure or remote code execution. | 9.8 |
| 2019-04-08 | CVE-2014-5436 | Path Traversal vulnerability in Honeywell Experion Process Knowledge System R400/R410/R430 A directory traversal vulnerability exists in the confd.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, which could lead to possible information disclosure. | 7.5 |
| 2019-04-08 | CVE-2014-5435 | Out-of-bounds Write vulnerability in Honeywell Experion Process Knowledge System R400/R410/R430 An arbitrary memory write vulnerability exists in the dual_onsrv.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, that could lead to possible remote code execution or denial of service. | 9.8 |
| 2019-03-25 | CVE-2014-9189 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Honeywell Experion Process Knowledge System R400/R410/R430 Multiple stack-based buffer overflow vulnerabilities were found in Honeywell Experion PKS all versions prior to R400.6, all versions prior to R410.6, and all versions prior to R430.2 modules that could lead to possible remote code execution, dynamic memory corruption, or denial of service. | 9.8 |
| 2019-03-25 | CVE-2014-9187 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Honeywell Experion Process Knowledge System R400/R410/R430 Multiple heap-based buffer overflow vulnerabilities exist in Honeywell Experion PKS all versions prior to R400.6, all versions prior to R410.6, and all versions prior to R430.2 modules, which could lead to possible remote code execution or denial of service. | 9.8 |
| 2018-09-24 | CVE-2018-14825 | Incorrect Permission Assignment for Critical Resource vulnerability in Honeywell products On Honeywell Mobile Computers (CT60 running Android OS 7.1, CN80 running Android OS 7.1, CT40 running Android OS 7.1, CK75 running Android OS 6.0, CN75 running Android OS 6.0, CN75e running Android OS 6.0, CT50 running Android OS 6.0, D75e running Android OS 6.0, CT50 running Android OS 4.4, D75e running Android OS 4.4, CN51 running Android OS 6.0, EDA50k running Android 4.4, EDA50 running Android OS 7.1, EDA50k running Android OS 7.1, EDA70 running Android OS 7.1, EDA60k running Android OS 7.1, and EDA51 running Android OS 8.1), a skilled attacker with advanced knowledge of the target system could exploit this vulnerability by creating an application that would successfully bind to the service and gain elevated system privileges. | 5.8 |
| 2018-05-17 | CVE-2018-8714 | Information Exposure vulnerability in Honeywell Matrikonopc Explorer Honeywell MatrikonOPC OPC Controller before 5.1.0.0 allows local users to transfer arbitrary files from a host computer and consequently obtain sensitive information via vectors related to MSXML libraries. | 6.1 |
| 2017-09-11 | CVE-2017-14263 | Session Fixation vulnerability in Honeywell products Honeywell NVR devices allow remote attackers to create a user account in the admin group by leveraging access to a guest account to obtain a session ID, and then sending that session ID in a userManager.addUser request to the /RPC2 URI. | 8.1 |
| 2017-03-29 | CVE-2017-5671 | Improper Privilege Management vulnerability in Honeywell products Honeywell Intermec PM23, PM42, PM43, PC23, PC43, PD43, and PC42 industrial printers before 10.11.013310 and 10.12.x before 10.12.013309 have /usr/bin/lua installed setuid to the itadmin account, which allows local users to conduct a BusyBox jailbreak attack and obtain root privileges by overwriting the /etc/shadow file. | 8.8 |
| 2017-02-13 | CVE-2017-5143 | Path Traversal vulnerability in Honeywell XL web II Controller Xlwebexe10208/Xlwebexe20100 An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. | 8.6 |