Known Vulnerabilities for products from Honeywell
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Honeywell".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Additional devices specifications by Honeywell can be found at device.report : Honeywell
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-39364 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.5 - HIGH | 2022-02-24 | 2022-03-09 |
| CVE-2021-39363 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 9.8 - CRITICAL | 2022-02-24 | 2022-03-09 |
| CVE-2021-38399 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.5 - HIGH | 2022-10-28 | 2022-11-02 |
| CVE-2021-38397 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 10 - CRITICAL | 2022-10-28 | 2022-11-02 |
| CVE-2021-38395 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 9.8 - CRITICAL | 2022-10-28 | 2022-11-02 |
| CVE-2020-27299 | The affected product is vulnerable to an out-of-bounds read, which may allow an attacker to obtain and disclose sensitive dat... | 9.1 - CRITICAL | 2021-01-26 | 2021-02-03 |
| CVE-2020-27297 | The affected product is vulnerable to a heap-based buffer overflow, which may allow an attacker to manipulate memory with con... | 9.8 - CRITICAL | 2021-01-26 | 2021-02-03 |
| CVE-2020-27295 | The affected product has uncontrolled resource consumption issues, which may allow an attacker to cause a denial-of-service c... | 7.5 - HIGH | 2021-01-26 | 2021-02-03 |
| CVE-2020-27274 | Some parsing functions in the affected product do not check the return value of malloc and the thread handling the message is... | 7.5 - HIGH | 2021-01-26 | 2021-02-03 |
| CVE-2020-10628 | ControlEdge PLC (R130.2, R140, R150, and R151) and RTU (R101, R110, R140, R150, and R151) exposes unencrypted passwords on th... | 7.5 - HIGH | 2020-06-26 | 2020-07-07 |
| CVE-2020-10624 | ControlEdge PLC (R130.2, R140, R150, and R151) and RTU (R101, R110, R140, R150, and R151) exposes a session token on the netw... | 7.5 - HIGH | 2020-06-26 | 2020-07-07 |
| CVE-2020-7005 | In Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected product is vulnerable to a cross-site request forgery, which... | 8.8 - HIGH | 2020-03-24 | 2020-03-27 |
| CVE-2020-6982 | In Honeywell WIN-PAK 4.7.2, Web and prior versions, the header injection vulnerability has been identified, which may allow r... | 8.8 - HIGH | 2020-03-24 | 2020-03-26 |
| CVE-2020-6978 | In Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected product is vulnerable due to the usage of old jQuery librari... | 7.2 - HIGH | 2020-03-24 | 2020-03-27 |
| CVE-2020-6974 | Honeywell Notifier Web Server (NWS) Version 3.50 is vulnerable to a path traversal attack, which allows an attacker to bypass... | 9.8 - CRITICAL | 2020-04-07 | 2020-04-09 |
| CVE-2020-6972 | In Notifier Web Server (NWS) Version 3.50 and earlier, the Honeywell Fire Web Server’s authentication may be bypassed by a ... | 9.1 - CRITICAL | 2020-03-24 | 2020-03-27 |
| CVE-2020-6968 | Honeywell INNCOM INNControl 3 allows workstation users to escalate application user privileges through the modification of lo... | 7.8 - HIGH | 2020-02-20 | 2020-02-28 |
| CVE-2020-6960 | The following versions of MAXPRO VMS and NVR, MAXPRO VMS:HNMSWVMS prior to Version VMS560 Build 595 T2-Patch, HNMSWVMSLT prio... | 9.8 - CRITICAL | 2020-01-22 | 2020-02-07 |
| CVE-2020-6959 | The following versions of MAXPRO VMS and NVR, MAXPRO VMS:HNMSWVMS prior to Version VMS560 Build 595 T2-Patch, HNMSWVMSLT prio... | 9.8 - CRITICAL | 2020-01-22 | 2020-02-05 |
| CVE-2019-18230 | Honeywell equIP and Performance series IP cameras, multiple versions, A vulnerability exists where the affected product allow... | 7.5 - HIGH | 2019-10-31 | 2019-11-05 |
Known software with vulnerabilities from Honeywell
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Honeywell | Comfortpoint Open Manager Station | r100 |
| Hardware | Honeywell | Controledge Plc | - |
| Operating System | Honeywell | Controledge Plc Firmware | r130.2 |
| Hardware | Honeywell | Controledge Rtu | - |
| Operating System | Honeywell | Controledge Rtu Firmware | r101 |
| Application | Honeywell | Enterprise Buildings Integrator | r310 |
| Operating System | Honeywell | Excel Web Xl 1000c100 104 I/o | 2.04.00 |
| Operating System | Honeywell | Excel Web Xl 1000c1000 600 I/o | 2.04.00 |
| Operating System | Honeywell | Excel Web Xl 1000c1000 600 I/o Uukl | 2.04.00 |
| Operating System | Honeywell | Excel Web Xl 1000c100u 104 I/o Uukl | 2.04.00 |
| Operating System | Honeywell | Excel Web Xl 1000c50 52 I/o | 2.04.00 |
| Operating System | Honeywell | Excel Web Xl 1000c500 300 I/o | 2.04.00 |
| Operating System | Honeywell | Excel Web Xl 1000c500 300 I/o Uukl | 2.04.00 |
| Operating System | Honeywell | Excel Web Xl 1000c50u 52 I/o Uukl | 2.04.00 |
| Application | Honeywell | Experion Process Knowledge System | r311.2 |
| Hardware | Honeywell | Falcon Xlweb Linux Controller | 2.04.01 |
| Hardware | Honeywell | Falcon Xlweb Xlwebexe | 2.02.11 |
| Operating System | Honeywell | H2w2gr1 | - |
| Operating System | Honeywell | H2w2gr1 Firmware | - |
| Hardware | Honeywell | H2w2pc1m | - |