Vulnerabilities > Honeywell > WIN PAK

DATE CVE VULNERABILITY TITLE RISK
2020-03-24 CVE-2020-6982 Injection vulnerability in Honeywell Win-Pak 4.7.2
In Honeywell WIN-PAK 4.7.2, Web and prior versions, the header injection vulnerability has been identified, which may allow remote code execution.
low complexity
honeywell CWE-74
8.8
8.8
2020-03-24 CVE-2020-6978 Unspecified vulnerability in Honeywell Win-Pak 4.7.2
In Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected product is vulnerable due to the usage of old jQuery libraries.
network
low complexity
honeywell
7.2
7.2
2020-03-24 CVE-2020-7005 Cross-Site Request Forgery (CSRF) vulnerability in Honeywell Win-Pak 4.7.2
In Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected product is vulnerable to a cross-site request forgery, which may allow an attacker to remotely execute arbitrary code.
network
low complexity
honeywell CWE-352
8.8
8.8