Vendor CVEs
Honeywell
All CVEs
109 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-9189 | 0.00 | — | 0.05 | Mar 25, 2019 | Multiple stack-based buffer overflow vulnerabilities were found in Honeywell Experion PKS all versions prior to R400.6, all versions prior to R410.6, and all versions prior to R430.2 modules that could lead to possible remote code execution, dynamic memory corruption, or denial… | |||
| CVE-2015-7908 | 0.00 | — | 0.02 | Dec 21, 2015 | Honeywell Midas gas detectors before 1.13b3 and Midas Black gas detectors before 2.13b3 allow remote attackers to discover cleartext passwords by sniffing the network. | |||
| CVE-2015-2848 | 0.00 | — | 0.01 | Jul 26, 2015 | Cross-site request forgery (CSRF) vulnerability in Honeywell Tuxedo Touch before 5.2.19.0_VA allows remote attackers to hijack the authentication of arbitrary users for requests associated with home-automation commands, as demonstrated by a door-unlock command. | |||
| CVE-2015-2847 | 0.00 | — | 0.02 | Jul 26, 2015 | Honeywell Tuxedo Touch before 5.2.19.0_VA relies on client-side authentication involving JavaScript, which allows remote attackers to bypass intended access restrictions by removing USERACCT requests from the client-server data stream. | |||
| CVE-2015-0984 | 0.00 | — | 0.06 | Mar 31, 2015 | Directory traversal vulnerability in the FTP server on Honeywell Excel Web XL1000C50 52 I/O, XL1000C100 104 I/O, XL1000C500 300 I/O, XL1000C1000 600 I/O, XL1000C50U 52 I/O UUKL, XL1000C100U 104 I/O UUKL, XL1000C500U 300 I/O UUKL, and XL1000C1000U 600 I/O UUKL controllers before… | |||
| CVE-2014-8269 | 0.00 | — | 0.05 | Dec 13, 2014 | Multiple stack-based buffer overflows in (1) HWOPOSScale.ocx and (2) HWOPOSSCANNER.ocx in Honeywell OPOS Suite before 1.13.4.15 allow remote attackers to execute arbitrary code via a crafted file that is improperly handled by the Open method. | |||
| CVE-2014-2717 | 0.00 | — | 0.04 | Jul 24, 2014 | Honeywell FALCON XLWeb Linux controller devices 2.04.01 and earlier and FALCON XLWeb XLWebExe controller devices 2.02.11 and earlier allow remote attackers to bypass authentication and obtain administrative access by visiting the change-password page. | |||
| CVE-2012-0254 | 0.00 | — | 0.04 | Sep 8, 2012 | Stack-based buffer overflow in the HMIWeb Browser HSCDSPRenderDLL ActiveX control in Honeywell Process Solutions (HPS) Experion R2xx, R30x, R31x, and R400.x; Honeywell Building Solutions (HBS) Enterprise Building Manager R400 and R410.1; and Honeywell Environmental Combustion… | |||
| CVE-2011-0331 | 0.00 | — | 0.04 | Mar 22, 2011 | Use-after-free vulnerability in the addOSPLext method in the Honeywell ScanServer ActiveX control 780.0.20.5 allows remote attackers to execute arbitrary code via a crafted HTML document. |
- CVE-2014-9189Mar 25, 2019risk 0.00cvss —epss 0.05
Multiple stack-based buffer overflow vulnerabilities were found in Honeywell Experion PKS all versions prior to R400.6, all versions prior to R410.6, and all versions prior to R430.2 modules that could lead to possible remote code execution, dynamic memory corruption, or denial…
- CVE-2015-7908Dec 21, 2015risk 0.00cvss —epss 0.02
Honeywell Midas gas detectors before 1.13b3 and Midas Black gas detectors before 2.13b3 allow remote attackers to discover cleartext passwords by sniffing the network.
- CVE-2015-2848Jul 26, 2015risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in Honeywell Tuxedo Touch before 5.2.19.0_VA allows remote attackers to hijack the authentication of arbitrary users for requests associated with home-automation commands, as demonstrated by a door-unlock command.
- CVE-2015-2847Jul 26, 2015risk 0.00cvss —epss 0.02
Honeywell Tuxedo Touch before 5.2.19.0_VA relies on client-side authentication involving JavaScript, which allows remote attackers to bypass intended access restrictions by removing USERACCT requests from the client-server data stream.
- CVE-2015-0984Mar 31, 2015risk 0.00cvss —epss 0.06
Directory traversal vulnerability in the FTP server on Honeywell Excel Web XL1000C50 52 I/O, XL1000C100 104 I/O, XL1000C500 300 I/O, XL1000C1000 600 I/O, XL1000C50U 52 I/O UUKL, XL1000C100U 104 I/O UUKL, XL1000C500U 300 I/O UUKL, and XL1000C1000U 600 I/O UUKL controllers before…
- CVE-2014-8269Dec 13, 2014risk 0.00cvss —epss 0.05
Multiple stack-based buffer overflows in (1) HWOPOSScale.ocx and (2) HWOPOSSCANNER.ocx in Honeywell OPOS Suite before 1.13.4.15 allow remote attackers to execute arbitrary code via a crafted file that is improperly handled by the Open method.
- CVE-2014-2717Jul 24, 2014risk 0.00cvss —epss 0.04
Honeywell FALCON XLWeb Linux controller devices 2.04.01 and earlier and FALCON XLWeb XLWebExe controller devices 2.02.11 and earlier allow remote attackers to bypass authentication and obtain administrative access by visiting the change-password page.
- CVE-2012-0254Sep 8, 2012risk 0.00cvss —epss 0.04
Stack-based buffer overflow in the HMIWeb Browser HSCDSPRenderDLL ActiveX control in Honeywell Process Solutions (HPS) Experion R2xx, R30x, R31x, and R400.x; Honeywell Building Solutions (HBS) Enterprise Building Manager R400 and R410.1; and Honeywell Environmental Combustion…
- CVE-2011-0331Mar 22, 2011risk 0.00cvss —epss 0.04
Use-after-free vulnerability in the addOSPLext method in the Honeywell ScanServer ActiveX control 780.0.20.5 allows remote attackers to execute arbitrary code via a crafted HTML document.
Page 3 of 3