Vulnerabilities > Honeywell > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-31 | CVE-2023-5390 | Path Traversal vulnerability in Honeywell products An attacker could potentially exploit this vulnerability, leading to files being read from the Honeywell Experion ControlEdge VirtualUOC and ControlEdge UOC. | 5.3 |
| 2023-05-30 | CVE-2022-43485 | Use of Insufficiently Random Values vulnerability in Honeywell Onewireless Network Wireless Device Manager Firmware Use of Insufficiently Random Values in Honeywell OneWireless. | 6.5 |
| 2023-05-30 | CVE-2022-46361 | OS Command Injection vulnerability in Honeywell Onewireless Network Wireless Device Manager Firmware An attacker having physical access to WDM can plug USB device to gain access and execute unwanted commands. | 6.8 |
| 2022-07-28 | CVE-2022-30314 | Use of Hard-coded Credentials vulnerability in Honeywell Safety Manager Firmware Honeywell Experion PKS Safety Manager 5.02 uses Hard-coded Credentials. | 4.6 |
| 2022-07-28 | CVE-2022-30320 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Honeywell Saia PG5 Controls Suite Saia Burgess Controls (SBC) PCD through 2022-05-06 uses a Broken or Risky Cryptographic Algorithm. | 4.3 |
| 2022-02-24 | CVE-2021-39364 | Authentication Bypass by Capture-replay vulnerability in Honeywell Hbw2Per1 Firmware and Hdzp252Di Firmware Honeywell HDZP252DI 1.00.HW02.4 and HBW2PER1 1.000.HW01.3 devices allow command spoofing (for camera control) after ARP cache poisoning has been achieved. | 5.0 |
| 2021-01-26 | CVE-2020-27295 | Resource Exhaustion vulnerability in Honeywell OPC UA Tunneller The affected product has uncontrolled resource consumption issues, which may allow an attacker to cause a denial-of-service condition on the OPC UA Tunneller (versions prior to 6.3.0.8233). | 5.0 |
| 2021-01-26 | CVE-2020-27299 | Out-of-bounds Read vulnerability in Honeywell OPC UA Tunneller The affected product is vulnerable to an out-of-bounds read, which may allow an attacker to obtain and disclose sensitive data information or cause the device to crash on the OPC UA Tunneller (versions prior to 6.3.0.8233). | 6.4 |
| 2021-01-26 | CVE-2020-27274 | Improper Check for Unusual or Exceptional Conditions vulnerability in Honeywell OPC UA Tunneller Some parsing functions in the affected product do not check the return value of malloc and the thread handling the message is forced to close, which may lead to a denial-of-service condition on the OPC UA Tunneller (versions prior to 6.3.0.8233). | 5.0 |
| 2020-06-26 | CVE-2020-10628 | Cleartext Transmission of Sensitive Information vulnerability in Honeywell Controledge PLC Firmware and Controledge RTU Firmware ControlEdge PLC (R130.2, R140, R150, and R151) and RTU (R101, R110, R140, R150, and R151) exposes unencrypted passwords on the network. | 5.0 |