Vulnerabilities > Honeywell > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-27 | CVE-2024-46453 | Cross-site Scripting vulnerability in Honeywell Iq3Xcite Firmware A cross-site scripting (XSS) vulnerability in the component /test/ of iq3xcite v2.31 to v3.05 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | 6.1 |
| 2024-01-31 | CVE-2023-5390 | Path Traversal vulnerability in Honeywell products An attacker could potentially exploit this vulnerability, leading to files being read from the Honeywell Experion ControlEdge VirtualUOC and ControlEdge UOC. | 5.3 |
| 2023-05-30 | CVE-2022-43485 | Use of Insufficiently Random Values vulnerability in Honeywell Onewireless Network Wireless Device Manager Firmware R322.1 Use of Insufficiently Random Values in Honeywell OneWireless. | 6.5 |
| 2023-05-30 | CVE-2022-46361 | OS Command Injection vulnerability in Honeywell Onewireless Network Wireless Device Manager Firmware R322.1 An attacker having physical access to WDM can plug USB device to gain access and execute unwanted commands. | 6.8 |
| 2022-09-07 | CVE-2022-30312 | Cleartext Transmission of Sensitive Information vulnerability in Honeywell products The Trend Controls IC protocol through 2022-05-06 allows Cleartext Transmission of Sensitive Information. | 6.5 |
| 2022-07-28 | CVE-2022-30314 | Use of Hard-coded Credentials vulnerability in Honeywell Safety Manager Firmware Honeywell Experion PKS Safety Manager 5.02 uses Hard-coded Credentials. | 4.6 |
| 2022-07-28 | CVE-2022-30316 | Improper Validation of Integrity Check Value vulnerability in Honeywell Safety Manager Firmware Honeywell Experion PKS Safety Manager 5.02 has Insufficient Verification of Data Authenticity. | 6.8 |
| 2022-07-28 | CVE-2022-30320 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Honeywell Saia PG5 Controls Suite Saia Burgess Controls (SBC) PCD through 2022-05-06 uses a Broken or Risky Cryptographic Algorithm. | 4.3 |
| 2022-07-15 | CVE-2022-30242 | Unspecified vulnerability in Honeywell Alerton Ascent Control Module Firmware Honeywell Alerton Ascent Control Module (ACM) through 2022-05-04 allows unauthenticated configuration changes from remote users. | 6.8 |
| 2022-07-15 | CVE-2022-30245 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Honeywell Alerton Compass 1.6.5 Honeywell Alerton Compass Software 1.6.5 allows unauthenticated configuration changes from remote users. | 6.5 |