Vulnerabilities > Honeywell > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-09-12 CVE-2023-3710 Command Injection vulnerability in Honeywell Pm43 Firmware
Improper Input Validation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Command Injection. This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 (e.g.
Risk: network | low complexity | honeywell CWE-77 | critical | 9.8
2023-07-13 CVE-2023-25178 Insufficient Verification of Data Authenticity vulnerability in Honeywell C300 Firmware
Controller may be loaded with malicious firmware which could enable remote code execution. See Honeywell Security Notification for recommendations on upgrading and versioning.
Risk: network | low complexity | honeywell CWE-345 | critical | 9.8
2023-06-28 CVE-2023-3243 Unspecified vulnerability in Honeywell Alerton Bcm-Web Firmware
** UNSUPPORTED WHEN ASSIGNED ** [An attacker can capture an authenticating hash and utilize it to create new sessions.
Risk: network | low complexity | honeywell | critical | 9.8
2022-10-28 CVE-2021-38395 Injection vulnerability in Honeywell products
Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to improper neutralization of special elements in output, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition.
Risk: network | low complexity | honeywell CWE-74 | critical | 9.8
2022-10-28 CVE-2021-38397 Unrestricted Upload of File with Dangerous Type vulnerability in Honeywell products
Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to unrestricted file uploads, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition.
Risk: network | low complexity | honeywell CWE-434 | critical | 10.0
2022-08-31 CVE-2022-30317 Missing Authentication for Critical Function vulnerability in Honeywell Experion LX Firmware
Honeywell Experion LX through 2022-05-06 has Missing Authentication for a Critical Function.
Risk: network | low complexity | honeywell CWE-306 | critical | 9.1
2022-07-28 CVE-2022-30315 Insufficient Verification of Data Authenticity vulnerability in Honeywell Safety Manager Firmware
Honeywell Experion PKS Safety Manager (SM and FSC) through 2022-05-06 has Insufficient Verification of Data Authenticity.
Risk: network | low complexity | honeywell CWE-345 | critical | 9.8
2022-05-26 CVE-2022-1261 Unspecified vulnerability in Honeywell Matrikon OPC Server
Matrikon OPC Server (all versions), from Matrikon, a subsidiary of Honeywell, is vulnerable to a condition where a low-privileged user allowed to connect to the OPC server can use the functions of the IPersisFile to execute operating system processes with system-level privileges.
Risk: network | low complexity | honeywell | critical | 9.0
2019-03-25 CVE-2014-9189 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Honeywell Experion Process Knowledge System R400/R410/R430
Multiple stack-based buffer overflow vulnerabilities were found in Honeywell Experion PKS all versions prior to R400.6, all versions prior to R410.6, and all versions prior to R430.2 modules that could lead to possible remote code execution, dynamic memory corruption, or denial of service.
Risk: network | low complexity | honeywell CWE-119 | critical | 10.0
2017-09-11 CVE-2017-14263 Session Fixation vulnerability in Honeywell products
Honeywell NVR devices allow remote attackers to create a user account in the admin group by leveraging access to a guest account to obtain a session ID, and then sending that session ID in a userManager.addUser request to the /RPC2 URI.
Risk: network | honeywell CWE-384 | critical | 9.3