Vulnerabilities > Honeywell > High

DATE CVE VULNERABILITY TITLE RISK
2022-07-15 CVE-2022-30244 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Honeywell Alerton Ascent Control Module Firmware
Honeywell Alerton Ascent Control Module (ACM) through 2022-05-04 allows unauthenticated programming writes from remote users.
network
low complexity
honeywell CWE-829
8.0
2022-05-26 CVE-2022-1261 Unspecified vulnerability in Honeywell Matrikon OPC Server
Matrikon, a subsidary of Honeywell Matrikon OPC Server (all versions) is vulnerable to a condition where a low privileged user allowed to connect to the OPC server to use the functions of the IPersisFile to execute operating system processes with system-level privileges.
network
low complexity
honeywell
8.8
2022-02-24 CVE-2021-39364 Authentication Bypass by Capture-replay vulnerability in Honeywell Hbw2Per1 Firmware and Hdzp252Di Firmware
Honeywell HDZP252DI 1.00.HW02.4 and HBW2PER1 1.000.HW01.3 devices allow command spoofing (for camera control) after ARP cache poisoning has been achieved.
network
low complexity
honeywell CWE-294
7.5
2021-01-26 CVE-2020-27295 Resource Exhaustion vulnerability in Honeywell OPC UA Tunneller
The affected product has uncontrolled resource consumption issues, which may allow an attacker to cause a denial-of-service condition on the OPC UA Tunneller (versions prior to 6.3.0.8233).
network
low complexity
honeywell CWE-400
7.5
2021-01-26 CVE-2020-27274 Improper Check for Unusual or Exceptional Conditions vulnerability in Honeywell OPC UA Tunneller
Some parsing functions in the affected product do not check the return value of malloc and the thread handling the message is forced to close, which may lead to a denial-of-service condition on the OPC UA Tunneller (versions prior to 6.3.0.8233).
network
low complexity
honeywell CWE-754
7.5
2020-06-26 CVE-2020-10628 Cleartext Transmission of Sensitive Information vulnerability in Honeywell Controledge PLC Firmware and Controledge RTU Firmware
ControlEdge PLC (R130.2, R140, R150, and R151) and RTU (R101, R110, R140, R150, and R151) exposes unencrypted passwords on the network.
network
low complexity
honeywell CWE-319
7.5
2020-06-26 CVE-2020-10624 Cleartext Transmission of Sensitive Information vulnerability in Honeywell Controledge PLC Firmware and Controledge RTU Firmware
ControlEdge PLC (R130.2, R140, R150, and R151) and RTU (R101, R110, R140, R150, and R151) exposes a session token on the network.
network
low complexity
honeywell CWE-319
7.5
2020-03-24 CVE-2020-6982 Injection vulnerability in Honeywell Win-Pak 4.7.2
In Honeywell WIN-PAK 4.7.2, Web and prior versions, the header injection vulnerability has been identified, which may allow remote code execution.
low complexity
honeywell CWE-74
8.8
2020-03-24 CVE-2020-6978 Unspecified vulnerability in Honeywell Win-Pak 4.7.2
In Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected product is vulnerable due to the usage of old jQuery libraries.
network
low complexity
honeywell
7.2
2020-03-24 CVE-2020-7005 Cross-Site Request Forgery (CSRF) vulnerability in Honeywell Win-Pak 4.7.2
In Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected product is vulnerable to a cross-site request forgery, which may allow an attacker to remotely execute arbitrary code.
network
low complexity
honeywell CWE-352
8.8