Latest Honeywell Vulnerabilities

CVE-2023-51605
(0Day) Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability
Honeywell Saia PG5 Controls Suite
CVE-2023-51604
(0Day) Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability
Honeywell Saia PG5 Controls Suite
CVE-2023-51603
(0Day) Honeywell Saia PG5 Controls Suite CAB File Parsing Directory Traversal Remote Code Execution Vulnerability
Honeywell Saia PG5 Controls Suite
CVE-2023-51602
(0Day) Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability
Honeywell Saia PG5 Controls Suite
CVE-2023-51601
(0Day) Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability
Honeywell Saia PG5 Controls Suite
CVE-2023-51600
(0Day) Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability
Honeywell Saia PG5 Controls Suite
CVE-2023-51599
(0Day) Honeywell Saia PG5 Controls Suite Directory Traversal Remote Code Execution Vulnerability
Honeywell Saia PG5 Controls Suite
CVE-2023-5390
An attacker could potentially exploit this vulnerability, leading to files being read from the Honeywell Experion ControlEdge VirtualUOC and ControlEdge UOC. This exploit could be used to read files f...
Honeywell Controledge Unit Operations Controller Firmware
Honeywell Controledge Unit Operations Controller
Honeywell Controledge Virtual Unit Operations Controller Firmware
Honeywell Controledge Virtual Unit Operations Controller
CVE-2023-5389
An attacker could potentially exploit this vulnerability, leading to the ability to modify files on Honeywell Experion ControlEdge VirtualUOC and ControlEdge UOC . This exploit could be used to write...
Honeywell Controledge Unit Operations Controller Firmware
Honeywell Controledge Unit Operations Controller
Honeywell Controledge Virtual Unit Operations Controller Firmware
Honeywell Controledge Virtual Unit Operations Controller
ZDI-23-1853
(0Day) Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability
Honeywell Saia PG5 Controls Suite
ZDI-CAN-18456
ZDI-23-1849: (0Day) Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability
Honeywell Saia PG5 Controls Suite
ZDI-23-1848
(0Day) Honeywell Saia PG5 Controls Suite Directory Traversal Remote Code Execution Vulnerability
Honeywell Saia PG5 Controls Suite
ZDI-23-1850
(0Day) Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability
Honeywell Saia PG5 Controls Suite
ZDI-23-1849
(0Day) Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability
Honeywell Saia PG5 Controls Suite
ZDI-23-1852
(0Day) Honeywell Saia PG5 Controls Suite CAB File Parsing Directory Traversal Remote Code Execution Vulnerability
Honeywell Saia PG5 Controls Suite
ZDI-CAN-18591
ZDI-23-1851: (0Day) Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability
Honeywell Saia PG5 Controls Suite
ZDI-CAN-18593
ZDI-23-1853: (0Day) Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability
Honeywell Saia PG5 Controls Suite
ZDI-23-1854
(0Day) Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability
Honeywell Saia PG5 Controls Suite
ZDI-23-1851
(0Day) Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability
Honeywell Saia PG5 Controls Suite
ZDI-CAN-18412
ZDI-23-1848: (0Day) Honeywell Saia PG5 Controls Suite Directory Traversal Remote Code Execution Vulnerability
Honeywell Saia PG5 Controls Suite
ZDI-CAN-18592
ZDI-23-1852: (0Day) Honeywell Saia PG5 Controls Suite CAB File Parsing Directory Traversal Remote Code Execution Vulnerability
Honeywell Saia PG5 Controls Suite
ZDI-CAN-18644
ZDI-23-1854: (0Day) Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability
Honeywell Saia PG5 Controls Suite
ZDI-CAN-18563
ZDI-23-1850: (0Day) Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability
Honeywell Saia PG5 Controls Suite
CVE-2023-6179
Incorrect Permission assignment to program executable folders
Honeywell ProWatch=4.5
CVE-2023-3712
Files or Directories Accessible to External Parties vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Privilege Escalation.This issue affects PM43 versions prior to P10....
Honeywell Pm43 Firmware<p10.19.050004
Honeywell PM43
CVE-2023-3710
Improper Input Validation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Command Injection.This issue affects PM43 versions prior to P10.19.050004. Update to the late...
Honeywell Pm43 Firmware<p10.19.050004
Honeywell PM43
CVE-2023-3711
Session Fixation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Session Credential Falsification through Prediction.This issue affects PM43 versions prior to P10.19.0...
Honeywell Pm43 Firmware<p10.19.050004
Honeywell PM43
CVE-2023-24474
Experion server may experience a DoS due to a heap overflow which could occur when handling a specially crafted message
Honeywell Experion Server>=501.1<=501.6hf8
Honeywell Experion Server>=510.1<=510.2hf12
Honeywell Experion Server>=511.1<=511.5tcu3
Honeywell Experion Server>=520.1<=520.1tcu4
Honeywell Experion Server>=520.2<=520.2tcu2
Honeywell Experion Station>=501.1<=501.6hf8
and 10 more
CVE-2023-22435
Experion server may experience a DoS due to a stack overflow when handling a specially crafted message.
Honeywell Experion Server>=501.1<=501.6hf8
Honeywell Experion Server>=510.1<=510.2hf12
Honeywell Experion Server>=511.1<=511.5tcu3
Honeywell Experion Server>=520.1<=520.1tcu4
Honeywell Experion Server>=520.2<=520.2tcu2
Honeywell Experion Station>=501.1<=501.6hf8
and 10 more
CVE-2023-25948
Server Data type confusion - info leak
Honeywell Experion Server>=501.1<=501.6hf8
Honeywell Experion Server>=510.1<=510.2hf12
Honeywell Experion Server>=511.1<=511.5tcu3
Honeywell Experion Server>=520.1<=520.1tcu4
Honeywell Experion Server>=520.2<=520.2tcu2
Honeywell Experion Station>=501.1<=501.6hf8
and 10 more
CVE-2023-26597
Controller DOS on sending error response
Honeywell C300 Firmware>=501.1<=501.6hf8
Honeywell C300 Firmware>=510.1<=510.2hf12
Honeywell C300 Firmware>=511.1<=511.5tcu3
Honeywell C300 Firmware>=520.1<=520.1tcu4
Honeywell C300 Firmware>=520.2<=520.2tcu2
Honeywell C300
and 6 more
CVE-2023-25770
Controller stack overflow on decoding messages from the server
Honeywell C300 Firmware>=501.1<=501.6hf8
Honeywell C300 Firmware>=510.1<=510.2hf12
Honeywell C300 Firmware>=511.1<=511.5tcu3
Honeywell C300 Firmware>=520.1<=520.1tcu4
Honeywell C300 Firmware>=520.2<=520.2tcu2
Honeywell C300
and 6 more
CVE-2023-25178
Controller design flaw - unsigned firmware
Honeywell C300 Firmware>=501.1<=501.6hf8
Honeywell C300 Firmware>=510.1<=510.2hf12
Honeywell C300 Firmware>=511.1<=511.5tcu3
Honeywell C300 Firmware>=520.1<=520.1tcu4
Honeywell C300 Firmware>=520.2<=520.2tcu2
Honeywell C300
and 6 more
CVE-2023-25078
DoS due to heap overflow
Honeywell Experion Server>=501.1<=501.6hf8
Honeywell Experion Server>=510.1<=510.2hf12
Honeywell Experion Server>=511.1<=511.5tcu3
Honeywell Experion Server>=520.1<=520.1tcu4
Honeywell Experion Server>=520.2<=520.2tcu2
Honeywell Experion Station>=501.1<=501.6hf8
and 10 more
CVE-2023-24480
Controller stack overflow when decoding messages from the server
Honeywell C300 Firmware>=501.1<=501.6hf8
Honeywell C300 Firmware>=510.1<=510.2hf12
Honeywell C300 Firmware>=511.1<=511.5tcu3
Honeywell C300 Firmware>=520.1<=520.1tcu4
Honeywell C300 Firmware>=520.2<=520.2tcu2
Honeywell C300
and 6 more
CVE-2023-23585
Server DoS due to heap overflow
Honeywell Experion Server>=501.1<=501.6hf8
Honeywell Experion Server>=510.1<=510.2hf12
Honeywell Experion Server>=511.1<=511.5tcu3
Honeywell Experion Server>=520.1<=520.1tcu4
Honeywell Experion Server>=520.2<=520.2tcu2
Honeywell Experion Station>=501.1<=501.6hf8
and 10 more
CVE-2023-3243
** UNSUPPORTED WHEN ASSIGNED ** [An attacker can capture an authenticating hash and utilize it to create new sessions. The hash is also a poorly salted MD5 hash, which could result in a successful br...
Honeywell Alerton Bcm-web Firmware
Honeywell Alerton Bcm-web
Honeywell Alerton Bcm-web Firmware
Honeywell Alerton Bcm-web
CVE-2022-46361
An attacker having physical access to WDM can plug USB device to gain access and execute unwanted commands. A malicious user could enter a system command along with a backup configuration, which could...
Honeywell Onewireless Network Wireless Device Manager Firmware<r322.2
Honeywell Onewireless Network Wireless Device Manager
CVE-2022-43485
Use of Insufficiently Random Values in Honeywell OneWireless. This vulnerability may allow attacker to manipulate claims in client's JWT token. This issue affects OneWireless version 322.1
Honeywell Onewireless Network Wireless Device Manager Firmware<r322.2
Honeywell Onewireless Network Wireless Device Manager
CVE-2021-38399
Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to relative path traversal, which may allow an attacker access to unauthorized files and directories.
Honeywell C200 Firmware
Honeywell C200
Honeywell C200e Firmware
Honeywell C200e
Honeywell C300 Firmware
Honeywell C300
and 2 more
CVE-2021-38397
Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to unrestricted file uploads, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service ...
Honeywell C200 Firmware
Honeywell C200
Honeywell C200e Firmware
Honeywell C200e
Honeywell C300 Firmware
Honeywell C300
and 2 more
CVE-2021-38395
Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to improper neutralization of special elements in output, which may allow an attacker to remotely execute arbitrary code an...
Honeywell C200 Firmware
Honeywell C200
Honeywell C200e Firmware
Honeywell C200e
Honeywell C300 Firmware
Honeywell C300
and 2 more
CVE-2022-2332
A local unprivileged attacker may escalate to administrator privileges in Honeywell SoftMaster version 4.51, due to insecure permission assignment.
Honeywell SoftMaster=4.51
CVE-2022-2333
If an attacker manages to trick a valid user into loading a malicious DLL, the attacker may be able to achieve code execution in Honeywell SoftMaster version 4.51 application’s context and permissions...
Honeywell SoftMaster=4.51
CVE-2022-30312
The Trend Controls IC protocol through 2022-05-06 allows Cleartext Transmission of Sensitive Information. According to FSCT-2022-0050, there is a Trend Controls Inter-Controller (IC) protocol cleartex...
Honeywell Trend Iq412 Firmware
Honeywell Trend Iq412
Honeywell Trend Iq411 Firmware
Honeywell Trend Iq411
Honeywell Trend Iq422 Firmware
Honeywell Trend Iq422
and 4 more
CVE-2022-30317
Honeywell Experion LX through 2022-05-06 has Missing Authentication for a Critical Function. According to FSCT-2022-0055, there is a Honeywell Experion LX Control Data Access (CDA) EpicMo protocol wit...
Honeywell Experion Lx Firmware<r520.1
Honeywell Experion LX
Honeywell Experion Lx Firmware<r520.1
Honeywell Experion LX
CVE-2022-30318
Honeywell ControlEdge through R151.1 uses Hard-coded Credentials. According to FSCT-2022-0056, there is a Honeywell ControlEdge hardcoded credentials issue. The affected components are characterized a...
Honeywell Controledge Plc Firmware<r151.2
Honeywell ControlEdge PLC
Honeywell Controledge Rtu Firmware<r151.2
Honeywell Controledge Rtu
CVE-2022-30315
Honeywell Experion PKS Safety Manager (SM and FSC) through 2022-05-06 has Insufficient Verification of Data Authenticity. According to FSCT-2022-0053, there is a Honeywell Experion PKS Safety Manager ...
Honeywell Safety Manager Firmware
Honeywell Safety Manager
CVE-2022-30316
Honeywell Experion PKS Safety Manager 5.02 has Insufficient Verification of Data Authenticity. According to FSCT-2022-0054, there is a Honeywell Experion PKS Safety Manager unauthenticated firmware up...
Honeywell Safety Manager Firmware
Honeywell Safety Manager
CVE-2022-30320
Saia Burgess Controls (SBC) PCD through 2022-05-06 uses a Broken or Risky Cryptographic Algorithm. According to FSCT-2022-0063, there is a Saia Burgess Controls (SBC) PCD S-Bus weak credential hashing...
Honeywell Saia PG5 Controls Suite

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203