Vulnerabilities > Honeywell > High

DATE CVE VULNERABILITY TITLE RISK
2020-02-20 CVE-2020-6968 Improper Privilege Management vulnerability in Honeywell Inncom Inncontrol Firmware 3.0/3.21
Honeywell INNCOM INNControl 3 allows workstation users to escalate application user privileges through the modification of local configuration files.
local
low complexity
honeywell CWE-269
7.8
2019-10-31 CVE-2019-18230 Missing Authentication for Critical Function vulnerability in Honeywell products
In multiple versions of Honeywell equIP and Performance series IP cameras, a vulnerability exists where the affected product allows unauthenticated access to audio streaming over HTTP.
network
low complexity
honeywell CWE-306
7.5
2019-10-31 CVE-2019-18228 Improper Input Validation vulnerability in Honeywell products
In multiple Honeywell equIP series IP cameras, a vulnerability exists where a specially crafted HTTP packet request could result in a denial of service.
network
low complexity
honeywell CWE-20
7.5
2019-04-08 CVE-2014-5436 Path Traversal vulnerability in Honeywell Experion Process Knowledge System R400/R410/R430
A directory traversal vulnerability exists in the confd.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, which could lead to possible information disclosure.
network
low complexity
honeywell CWE-22
7.5
2017-09-11 CVE-2017-14263 Session Fixation vulnerability in Honeywell products
Honeywell NVR devices allow remote attackers to create a user account in the admin group by leveraging access to a guest account to obtain a session ID, and then sending that session ID in a userManager.addUser request to the /RPC2 URI.
network
high complexity
honeywell CWE-384
8.1
2017-03-29 CVE-2017-5671 Improper Privilege Management vulnerability in Honeywell products
Honeywell Intermec PM23, PM42, PM43, PC23, PC43, PD43, and PC42 industrial printers before 10.11.013310 and 10.12.x before 10.12.013309 have /usr/bin/lua installed setuid to the itadmin account, which allows local users to conduct a BusyBox jailbreak attack and obtain root privileges by overwriting the /etc/shadow file.
local
low complexity
honeywell CWE-269
8.8
2017-02-13 CVE-2017-5143 Path Traversal vulnerability in Honeywell XL web II Controller Xlwebexe10208/Xlwebexe20100
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior.
network
low complexity
honeywell CWE-22
8.6
2016-04-21 CVE-2016-2280 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Honeywell Uniformance Process History Database R310/R320/R321
Buffer overflow in RDISERVER in Honeywell Uniformance Process History Database (PHD) R310, R320, and R321 allows remote attackers to cause a denial of service (service outage) via unspecified vectors.
network
low complexity
honeywell CWE-119
7.5
2015-12-21 CVE-2015-7907 Path Traversal vulnerability in Honeywell Midas Black Firmware and Midas Firmware
Directory traversal vulnerability in the web server on Honeywell Midas gas detectors before 1.13b3 and Midas Black gas detectors before 2.13b3 allows remote attackers to bypass authentication, and write to a configuration file or trigger a calibration or test, via unspecified vectors.
network
low complexity
honeywell CWE-22
8.6