Vulnerabilities > Honeywell
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2017-02-13 | CVE-2017-5142 | Improper Privilege Management vulnerability in Honeywell XL web II Controller Xlwebexe10208/Xlwebexe20100 | An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. | 6.5 |
2017-02-13 | CVE-2017-5141 | Session Fixation vulnerability in Honeywell XL web II Controller Xlwebexe10208/Xlwebexe20100 | An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. | 6.5 |
2017-02-13 | CVE-2017-5140 | Insufficiently Protected Credentials vulnerability in Honeywell XL web II Controller Xlwebexe10208/Xlwebexe20100 | An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. | 5.0 |
2017-02-13 | CVE-2017-5139 | Insufficiently Protected Credentials vulnerability in Honeywell XL web II Controller Xlwebexe10208/Xlwebexe20100 | An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. | 5.0 |
2017-02-13 | CVE-2016-8344 | Improper Input Validation vulnerability in Honeywell Experion Process Knowledge System 410/430/431 | An issue was discovered in Honeywell Experion Process Knowledge System (PKS) platform: Experion PKS, Release 3xx and prior, Experion PKS, Release 400, Experion PKS, Release 410, Experion PKS, Release 430, and Experion PKS, Release 431. | 4.3 |
2016-04-21 | CVE-2016-2280 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Honeywell Uniformance Process History Database R310/R320/R321 | Buffer overflow in RDISERVER in Honeywell Uniformance Process History Database (PHD) R310, R320, and R321 allows remote attackers to cause a denial of service (service outage) via unspecified vectors. | 7.8 |
2015-12-21 | CVE-2015-7908 | Information Exposure vulnerability in Honeywell Midas Black Firmware and Midas Firmware | Honeywell Midas gas detectors before 1.13b3 and Midas Black gas detectors before 2.13b3 allow remote attackers to discover cleartext passwords by sniffing the network. | 9.3 |
2015-12-21 | CVE-2015-7907 | Path Traversal vulnerability in Honeywell Midas Black Firmware and Midas Firmware | Directory traversal vulnerability in the web server on Honeywell Midas gas detectors before 1.13b3 and Midas Black gas detectors before 2.13b3 allows remote attackers to bypass authentication, and write to a configuration file or trigger a calibration or test, via unspecified vectors. | 6.4 |
2015-07-26 | CVE-2015-2848 | Cross-Site Request Forgery (CSRF) vulnerability in Honeywell Tuxedo Touch | Cross-site request forgery (CSRF) vulnerability in Honeywell Tuxedo Touch before 5.2.19.0_VA allows remote attackers to hijack the authentication of arbitrary users for requests associated with home-automation commands, as demonstrated by a door-unlock command. | 6.8 |
2015-07-26 | CVE-2015-2847 | Improper Access Control vulnerability in Honeywell Tuxedo Touch | Honeywell Tuxedo Touch before 5.2.19.0_VA relies on client-side authentication involving JavaScript, which allows remote attackers to bypass intended access restrictions by removing USERACCT requests from the client-server data stream. | 5.0 |