Known Vulnerabilities for products from Honeywell

Listed below are 20 of the newest known vulnerabilities associated with the vendor "Honeywell".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.

Additional device specifications by Honeywell can be found at device.report: Honeywell

Known Vulnerabilities

| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-26597 | Controller DoS due to buffer overflow in the handling of a specially crafted message received by the controller. | 7.5 - HIGH | 2023-07-13 | 2023-07-25 |
| CVE-2023-25948 | Server information leak of configuration data when an error is generated in response to a specially crafted message. | 7.5 - HIGH | 2023-07-13 | 2023-07-25 |
| CVE-2023-25770 | Controller DoS may occur due to buffer overflow when an error is generated in response to a specially crafted message. | 7.5 - HIGH | 2023-07-13 | 2023-07-25 |
| CVE-2023-25178 | Controller may be loaded with malicious firmware which could enable remote code execution | 9.8 - CRITICAL | 2023-07-13 | 2023-07-25 |
| CVE-2023-25078 | Server or Console Station DoS due to heap overflow occurring during the handling of a specially crafted message for a specifi... | 7.5 - HIGH | 2023-07-13 | 2023-07-25 |
| CVE-2023-24480 | Controller DoS due to stack overflow when decoding a message from the server | 7.5 - HIGH | 2023-07-13 | 2023-07-25 |
| CVE-2023-24474 | Experion server may experience a DoS due to a heap overflow which could occur when handling a specially crafted message | 7.5 - HIGH | 2023-07-13 | 2023-07-25 |
| CVE-2023-23585 | Experion server DoS due to heap overflow occurring during the handling of a specially crafted message for a specific configur... | 7.5 - HIGH | 2023-07-13 | 2023-07-25 |
| CVE-2023-22435 | Experion server may experience a DoS due to a stack overflow when handling a specially crafted message. | 7.5 - HIGH | 2023-07-13 | 2023-07-25 |
| CVE-2023-3712 | Files or Directories Accessible to External Parties vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules)... | 7.8 - HIGH | 2023-09-12 | 2023-09-19 |
| CVE-2023-3711 | Session Fixation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Session Credential Falsific... | 8.8 - HIGH | 2023-09-12 | 2023-09-19 |
| CVE-2023-3710 | Improper Input Validation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Command Injection.... | 9.8 - CRITICAL | 2023-09-12 | 2023-09-19 |
| CVE-2023-3243 | ** UNSUPPORTED WHEN ASSIGNED ** [An attacker can capture an authenticating hash and utilize... | 9.8 - CRITICAL | 2023-06-28 | 2023-11-07 |
| CVE-2022-46361 | An attacker having physical access to WDM can plug USB device to gain access and execute unwanted commands. A malicious user ... | 6.8 - MEDIUM | 2023-05-30 | 2023-06-06 |
| CVE-2022-43485 | Use of Insufficiently Random Values in Honeywell OneWireless. This vulnerability may allow attacker to manipulate claims in... | 6.5 - MEDIUM | 2023-05-30 | 2023-06-06 |
| CVE-2022-30320 | Saia Burgess Controls (SBC) PCD through 2022-05-06 uses a Broken or Risky Cryptographic Algorithm. According to FSCT-2022-006... | 4.3 - MEDIUM | 2022-07-28 | 2022-08-10 |
| CVE-2022-30319 | Saia Burgess Controls (SBC) PCD through 2022-05-06 allows Authentication bypass. According to FSCT-2022-0062, there is a Saia... | 8.1 - HIGH | 2022-07-28 | 2023-08-08 |
| CVE-2022-30318 | Honeywell ControlEdge through R151.1 uses Hard-coded Credentials. According to FSCT-2022-0056, there is a Honeywell ControlEd... | 9.8 - CRITICAL | 2022-08-31 | 2022-09-07 |
| CVE-2022-30317 | Honeywell Experion LX through 2022-05-06 has Missing Authentication for a Critical Function. According to FSCT-2022-0055, the... | 9.1 - CRITICAL | 2022-08-31 | 2022-09-09 |
| CVE-2022-30316 | Honeywell Experion PKS Safety Manager 5.02 has Insufficient Verification of Data Authenticity. According to FSCT-2022-0054, t... | 6.8 - MEDIUM | 2022-07-28 | 2022-08-05 |

Known software with vulnerabilities from Honeywell

| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Honeywell | Comfortpoint Open Manager Station | r100 |
| Hardware | Honeywell | Controledge Plc | - |
| Operating System | Honeywell | Controledge Plc Firmware | r130.2 |
| Hardware | Honeywell | Controledge Rtu | - |
| Operating System | Honeywell | Controledge Rtu Firmware | r101 |
| Application | Honeywell | Enterprise Buildings Integrator | r310 |
| Operating System | Honeywell | Excel Web Xl 1000c1000 600 I/o | 2.04.00 |
| Operating System | Honeywell | Excel Web Xl 1000c1000 600 I/o Uukl | 2.04.00 |
| Operating System | Honeywell | Excel Web Xl 1000c100u 104 I/o Uukl | 2.04.00 |
| Operating System | Honeywell | Excel Web Xl 1000c100 104 I/o | 2.04.00 |
| Operating System | Honeywell | Excel Web Xl 1000c500 300 I/o | 2.04.00 |
| Operating System | Honeywell | Excel Web Xl 1000c500 300 I/o Uukl | 2.04.00 |
| Operating System | Honeywell | Excel Web Xl 1000c50u 52 I/o Uukl | 2.04.00 |
| Operating System | Honeywell | Excel Web Xl 1000c50 52 I/o | 2.04.00 |
| Application | Honeywell | Experion Process Knowledge System | r311.2 |
| Hardware | Honeywell | Falcon Xlweb Linux Controller | 2.04.01 |
| Hardware | Honeywell | Falcon Xlweb Xlwebexe | 2.02.11 |
| Operating System | Honeywell | H2w2gr1 | - |
| Operating System | Honeywell | H2w2gr1 Firmware | - |
| Hardware | Honeywell | H2w2pc1m | - |