Vulnerabilities > Honeywell > High

DATE CVE VULNERABILITY TITLE RISK
2024-02-13 CVE-2024-1309 Unspecified vulnerability in Honeywell Niagara Framework
Uncontrolled Resource Consumption vulnerability in Honeywell Niagara Framework on Windows, Linux, QNX allows Content Spoofing.This issue affects Niagara Framework: before Niagara AX 3.8.1, before Niagara 4.1.
network
low complexity
honeywell
7.5
2024-01-30 CVE-2023-5389 Unspecified vulnerability in Honeywell products
An attacker could potentially exploit this vulnerability, leading to the ability to modify files on Honeywell Experion ControlEdge VirtualUOC and ControlEdge UOC .
network
low complexity
honeywell
7.5
2023-11-17 CVE-2023-6179 Incorrect Permission Assignment for Critical Resource vulnerability in Honeywell Prowatch 4.5
Honeywell ProWatch, 4.5, including all Service Pack versions, contain a Vulnerability in Application Server's executable folder(s).
local
low complexity
honeywell CWE-732
7.8
2023-09-12 CVE-2023-3711 Session Fixation vulnerability in Honeywell Pm43 Firmware
Session Fixation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Session Credential Falsification through Prediction.This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 (e.g.
network
low complexity
honeywell CWE-384
8.8
2023-09-12 CVE-2023-3712 Files or Directories Accessible to External Parties vulnerability in Honeywell Pm43 Firmware
Files or Directories Accessible to External Parties vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Privilege Escalation.This issue affects PM43 versions prior to P10.19.050004.  Update to the latest available firmware version of the respective printers to version MR19.5 (e.g.
local
low complexity
honeywell CWE-552
7.8
2023-07-13 CVE-2023-25948 Information Exposure Through an Error Message vulnerability in Honeywell products
Server information leak of configuration data when an error is generated in response to a specially crafted message. See Honeywell Security Notification for recommendations on upgrading and versioning.
network
low complexity
honeywell CWE-209
7.5
2023-07-13 CVE-2023-26597 Out-of-bounds Write vulnerability in Honeywell C300 Firmware
Controller DoS due to buffer overflow in the handling of a specially crafted message received by the controller. See Honeywell Security Notification for recommendations on upgrading and versioning. See Honeywell Security Notification for recommendations on upgrading and versioning.
network
low complexity
honeywell CWE-787
7.5
2023-07-13 CVE-2023-22435 Out-of-bounds Write vulnerability in Honeywell products
Experion server may experience a DoS due to a stack overflow when handling a specially crafted message.
network
low complexity
honeywell CWE-787
7.5
2023-07-13 CVE-2023-23585 Out-of-bounds Write vulnerability in Honeywell products
Experion server DoS due to heap overflow occurring during the handling of a specially crafted message for a specific configuration operation.  See Honeywell Security Notification for recommendations on upgrading and versioning.
network
low complexity
honeywell CWE-787
7.5
2023-07-13 CVE-2023-24474 Out-of-bounds Write vulnerability in Honeywell products
Experion server may experience a DoS due to a heap overflow which could occur when handling a specially crafted message
network
low complexity
honeywell CWE-787
7.5