Vulnerabilities > Honeywell > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2022-07-28 | CVE-2022-30314 | Use of Hard-coded Credentials vulnerability in Honeywell Safety Manager Firmware | Honeywell Experion PKS Safety Manager 5.02 uses Hard-coded Credentials. | | low complexity | honeywell | CWE-798 | 4.6 |
| 2022-07-28 | CVE-2022-30316 | Improper Validation of Integrity Check Value vulnerability in Honeywell Safety Manager Firmware | Honeywell Experion PKS Safety Manager 5.02 has Insufficient Verification of Data Authenticity. | | low complexity | honeywell | CWE-354 | 6.8 |
| 2022-07-28 | CVE-2022-30320 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Honeywell Saia PG5 Controls Suite | Saia Burgess Controls (SBC) PCD through 2022-05-06 uses a Broken or Risky Cryptographic Algorithm. | | low complexity | honeywell | CWE-327 | 4.3 |
| 2022-07-15 | CVE-2022-30242 | Unspecified vulnerability in Honeywell Alerton Ascent Control Module Firmware | Honeywell Alerton Ascent Control Module (ACM) through 2022-05-04 allows unauthenticated configuration changes from remote users. | network | low complexity | honeywell | | 6.8 |
| 2022-07-15 | CVE-2022-30245 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Honeywell Alerton Compass 1.6.5 | Honeywell Alerton Compass Software 1.6.5 allows unauthenticated configuration changes from remote users. | network | low complexity | honeywell | CWE-610 | 6.5 |
| 2019-10-25 | CVE-2019-13525 | Missing Authentication for Critical Function vulnerability in Honeywell Ip-Ak2 Firmware | In IP-AK2 Access Control Panel Version 1.04.07 and prior, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data, which can be accessed without authentication over the network. | network | low complexity | honeywell | CWE-306 | 5.3 |
| 2019-09-26 | CVE-2019-13523 | Missing Authentication for Critical Function vulnerability in Honeywell products | In Honeywell Performance IP Cameras and Performance NVRs, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data in JSON format for IP cameras and NVRs (Network Video Recorders), which can be accessed without authentication over the network. | network | low complexity | honeywell | CWE-306 | 5.3 |
| 2018-09-24 | CVE-2018-14825 | Incorrect Permission Assignment for Critical Resource vulnerability in Honeywell products | On Honeywell Mobile Computers (CT60 running Android OS 7.1, CN80 running Android OS 7.1, CT40 running Android OS 7.1, CK75 running Android OS 6.0, CN75 running Android OS 6.0, CN75e running Android OS 6.0, CT50 running Android OS 6.0, D75e running Android OS 6.0, CT50 running Android OS 4.4, D75e running Android OS 4.4, CN51 running Android OS 6.0, EDA50k running Android 4.4, EDA50 running Android OS 7.1, EDA50k running Android OS 7.1, EDA70 running Android OS 7.1, EDA60k running Android OS 7.1, and EDA51 running Android OS 8.1), a skilled attacker with advanced knowledge of the target system could exploit this vulnerability by creating an application that would successfully bind to the service and gain elevated system privileges. | local | high complexity | honeywell | CWE-732 | 5.8 |
| 2018-05-17 | CVE-2018-8714 | Information Exposure vulnerability in Honeywell Matrikonopc Explorer | Honeywell MatrikonOPC OPC Controller before 5.1.0.0 allows local users to transfer arbitrary files from a host computer and consequently obtain sensitive information via vectors related to MSXML libraries. | local | low complexity | honeywell | CWE-200 | 6.1 |
| 2017-02-13 | CVE-2017-5141 | Session Fixation vulnerability in Honeywell XL web II Controller Xlwebexe10208/Xlwebexe20100 | An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. | network | low complexity | honeywell | CWE-384 | 6.0 |