Vulnerabilities > Honeywell > Critical
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2023-09-12 | CVE-2023-3710 | Command Injection vulnerability in Honeywell Pm43 Firmware | Improper Input Validation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Command Injection. This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. | 9.8 |
2023-07-13 | CVE-2023-25178 | Insufficient Verification of Data Authenticity vulnerability in Honeywell C300 Firmware | Controller may be loaded with malicious firmware which could enable remote code execution. See Honeywell Security Notification for recommendations on upgrading and versioning. | 9.8 |
2023-06-28 | CVE-2023-3243 | Unspecified vulnerability in Honeywell Alerton Bcm-Web Firmware | ** UNSUPPORTED WHEN ASSIGNED ** An attacker can capture an authenticating hash and utilize it to create new sessions. | 9.8 |
2022-10-28 | CVE-2021-38395 | Injection vulnerability in Honeywell products | Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to improper neutralization of special elements in output, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition. | 9.8 |
2022-10-28 | CVE-2021-38397 | Unrestricted Upload of File with Dangerous Type vulnerability in Honeywell products | Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to unrestricted file uploads, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition. | 10.0 |
2022-08-31 | CVE-2022-30317 | Missing Authentication for Critical Function vulnerability in Honeywell Experion LX Firmware | Honeywell Experion LX through 2022-05-06 has Missing Authentication for a Critical Function. | 9.1 |
2022-08-31 | CVE-2022-30318 | Use of Hard-coded Credentials vulnerability in Honeywell Controledge PLC Firmware and Controledge RTU Firmware | Honeywell ControlEdge through R151.1 uses Hard-coded Credentials. | 9.8 |
2022-07-28 | CVE-2022-30315 | Insufficient Verification of Data Authenticity vulnerability in Honeywell Safety Manager Firmware | Honeywell Experion PKS Safety Manager (SM and FSC) through 2022-05-06 has Insufficient Verification of Data Authenticity. | 9.8 |
2022-02-24 | CVE-2021-39363 | Command Injection vulnerability in Honeywell Hbw2Per1 Firmware and Hdzp252Di Firmware | Honeywell HDZP252DI 1.00.HW02.4 and HBW2PER1 1.000.HW01.3 devices allow a video replay attack after ARP cache poisoning has been achieved. | 9.8 |
2021-01-26 | CVE-2020-27299 | Out-of-bounds Read vulnerability in Honeywell OPC UA Tunneller | The affected product is vulnerable to an out-of-bounds read, which may allow an attacker to obtain and disclose sensitive data information or cause the device to crash on the OPC UA Tunneller (versions prior to 6.3.0.8233). | 9.1 |