Vulnerabilities > Honeywell

DATE CVE VULNERABILITY TITLE RISK
2019-09-26 CVE-2019-13523 Missing Authentication for Critical Function vulnerability in Honeywell products
In Honeywell Performance IP Cameras and Performance NVRs, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data in JSON format for IP cameras and NVRs (Network Video Recorders), which can be accessed without authentication over the network.
network
low complexity
honeywell CWE-306
5.3
2019-04-08 CVE-2014-9186 Improper Input Validation vulnerability in Honeywell Experion Process Knowledge System R400/R410/R430
A file inclusion vulnerability exists in the confd.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, which could lead to accepting an arbitrary file into the function, and potential information disclosure or remote code execution.
network
low complexity
honeywell CWE-20
critical
9.8
2019-04-08 CVE-2014-5436 Path Traversal vulnerability in Honeywell Experion Process Knowledge System R400/R410/R430
A directory traversal vulnerability exists in the confd.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, which could lead to possible information disclosure.
network
low complexity
honeywell CWE-22
7.5
2019-04-08 CVE-2014-5435 Out-of-bounds Write vulnerability in Honeywell Experion Process Knowledge System R400/R410/R430
An arbitrary memory write vulnerability exists in the dual_onsrv.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, that could lead to possible remote code execution or denial of service.
network
low complexity
honeywell CWE-787
critical
9.8
2019-03-25 CVE-2014-9189 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Honeywell Experion Process Knowledge System R400/R410/R430
Multiple stack-based buffer overflow vulnerabilities were found in Honeywell Experion PKS all versions prior to R400.6, all versions prior to R410.6, and all versions prior to R430.2 modules that could lead to possible remote code execution, dynamic memory corruption, or denial of service.
network
low complexity
honeywell CWE-119
critical
9.8
2019-03-25 CVE-2014-9187 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Honeywell Experion Process Knowledge System R400/R410/R430
Multiple heap-based buffer overflow vulnerabilities exist in Honeywell Experion PKS all versions prior to R400.6, all versions prior to R410.6, and all versions prior to R430.2 modules, which could lead to possible remote code execution or denial of service.
network
low complexity
honeywell CWE-119
critical
9.8
2018-09-24 CVE-2018-14825 Incorrect Permission Assignment for Critical Resource vulnerability in Honeywell products
On Honeywell Mobile Computers (CT60 running Android OS 7.1, CN80 running Android OS 7.1, CT40 running Android OS 7.1, CK75 running Android OS 6.0, CN75 running Android OS 6.0, CN75e running Android OS 6.0, CT50 running Android OS 6.0, D75e running Android OS 6.0, CT50 running Android OS 4.4, D75e running Android OS 4.4, CN51 running Android OS 6.0, EDA50k running Android 4.4, EDA50 running Android OS 7.1, EDA50k running Android OS 7.1, EDA70 running Android OS 7.1, EDA60k running Android OS 7.1, and EDA51 running Android OS 8.1), a skilled attacker with advanced knowledge of the target system could exploit this vulnerability by creating an application that would successfully bind to the service and gain elevated system privileges.
local
high complexity
honeywell CWE-732
5.8
2018-05-17 CVE-2018-8714 Information Exposure vulnerability in Honeywell Matrikonopc Explorer
Honeywell MatrikonOPC OPC Controller before 5.1.0.0 allows local users to transfer arbitrary files from a host computer and consequently obtain sensitive information via vectors related to MSXML libraries.
local
low complexity
honeywell CWE-200
6.1
2017-09-11 CVE-2017-14263 Session Fixation vulnerability in Honeywell products
Honeywell NVR devices allow remote attackers to create a user account in the admin group by leveraging access to a guest account to obtain a session ID, and then sending that session ID in a userManager.addUser request to the /RPC2 URI.
network
high complexity
honeywell CWE-384
8.1
2017-03-29 CVE-2017-5671 Improper Privilege Management vulnerability in Honeywell products
Honeywell Intermec PM23, PM42, PM43, PC23, PC43, PD43, and PC42 industrial printers before 10.11.013310 and 10.12.x before 10.12.013309 have /usr/bin/lua installed setuid to the itadmin account, which allows local users to conduct a BusyBox jailbreak attack and obtain root privileges by overwriting the /etc/shadow file.
local
low complexity
honeywell CWE-269
8.8