Known Vulnerabilities for products from Honeywell
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Honeywell".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Additional device specifications by Honeywell can be found at device.report: Honeywell
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-26597 | Controller DoS due to buffer overflow in the handling of a specially crafted message received by the controller. | 7.5 - HIGH | 2023-07-13 | 2023-07-25 |
| CVE-2023-25948 | Server information leak of configuration data when an error is generated in response to a specially crafted message. | 7.5 - HIGH | 2023-07-13 | 2023-07-25 |
| CVE-2023-25770 | Controller DoS may occur due to buffer overflow when an error is generated in response to a specially crafted message. | 7.5 - HIGH | 2023-07-13 | 2023-07-25 |
| CVE-2023-25178 | Controller may be loaded with malicious firmware which could enable remote code execution | 9.8 - CRITICAL | 2023-07-13 | 2023-07-25 |
| CVE-2023-25078 | Server or Console Station DoS due to heap overflow occurring during the handling of a specially crafted message for a specifi... | 7.5 - HIGH | 2023-07-13 | 2023-07-25 |
| CVE-2023-24480 | Controller DoS due to stack overflow when decoding a message from the server | 7.5 - HIGH | 2023-07-13 | 2023-07-25 |
| CVE-2023-24474 | Experion server may experience a DoS due to a heap overflow which could occur when handling a specially crafted message | 7.5 - HIGH | 2023-07-13 | 2023-07-25 |
| CVE-2023-23585 | Experion server DoS due to heap overflow occurring during the handling of a specially crafted message for a specific configur... | 7.5 - HIGH | 2023-07-13 | 2023-07-25 |
| CVE-2023-22435 | Experion server may experience a DoS due to a stack overflow when handling a specially crafted message. | 7.5 - HIGH | 2023-07-13 | 2023-07-25 |
| CVE-2023-3712 | Files or Directories Accessible to External Parties vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules)... | 7.8 - HIGH | 2023-09-12 | 2023-09-19 |
| CVE-2023-3711 | Session Fixation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Session Credential Falsific... | 8.8 - HIGH | 2023-09-12 | 2023-09-19 |
| CVE-2023-3710 | Improper Input Validation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Command Injection.... | 9.8 - CRITICAL | 2023-09-12 | 2023-09-19 |
| CVE-2023-3243 | ** UNSUPPORTED WHEN ASSIGNED ** [An attacker can capture an authenticating hash and utilize... | 9.8 - CRITICAL | 2023-06-28 | 2023-11-07 |
| CVE-2022-46361 | An attacker having physical access to WDM can plug USB device to gain access and execute unwanted commands. A malicious user ... | 6.8 - MEDIUM | 2023-05-30 | 2023-06-06 |
| CVE-2022-43485 | Use of Insufficiently Random Values in Honeywell OneWireless. This vulnerability may allow attacker to manipulate claims in... | 6.5 - MEDIUM | 2023-05-30 | 2023-06-06 |
| CVE-2022-30320 | Saia Burgess Controls (SBC) PCD through 2022-05-06 uses a Broken or Risky Cryptographic Algorithm. According to FSCT-2022-006... | 4.3 - MEDIUM | 2022-07-28 | 2022-08-10 |
| CVE-2022-30319 | Saia Burgess Controls (SBC) PCD through 2022-05-06 allows Authentication bypass. According to FSCT-2022-0062, there is a Saia... | 8.1 - HIGH | 2022-07-28 | 2023-08-08 |
| CVE-2022-30318 | Honeywell ControlEdge through R151.1 uses Hard-coded Credentials. According to FSCT-2022-0056, there is a Honeywell ControlEd... | 9.8 - CRITICAL | 2022-08-31 | 2022-09-07 |
| CVE-2022-30317 | Honeywell Experion LX through 2022-05-06 has Missing Authentication for a Critical Function. According to FSCT-2022-0055, the... | 9.1 - CRITICAL | 2022-08-31 | 2022-09-09 |
| CVE-2022-30316 | Honeywell Experion PKS Safety Manager 5.02 has Insufficient Verification of Data Authenticity. According to FSCT-2022-0054, t... | 6.8 - MEDIUM | 2022-07-28 | 2022-08-05 |
Known software with vulnerabilities from Honeywell
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Honeywell | Comfortpoint Open Manager Station | r100 |
| Hardware | Honeywell | Controledge Plc | - |
| Operating System | Honeywell | Controledge Plc Firmware | r130.2 |
| Hardware | Honeywell | Controledge Rtu | - |
| Operating System | Honeywell | Controledge Rtu Firmware | r101 |
| Application | Honeywell | Enterprise Buildings Integrator | r310 |
| Operating System | Honeywell | Excel Web Xl 1000c1000 600 I/o | 2.04.00 |
| Operating System | Honeywell | Excel Web Xl 1000c1000 600 I/o Uukl | 2.04.00 |
| Operating System | Honeywell | Excel Web Xl 1000c100u 104 I/o Uukl | 2.04.00 |
| Operating System | Honeywell | Excel Web Xl 1000c100 104 I/o | 2.04.00 |
| Operating System | Honeywell | Excel Web Xl 1000c500 300 I/o | 2.04.00 |
| Operating System | Honeywell | Excel Web Xl 1000c500 300 I/o Uukl | 2.04.00 |
| Operating System | Honeywell | Excel Web Xl 1000c50u 52 I/o Uukl | 2.04.00 |
| Operating System | Honeywell | Excel Web Xl 1000c50 52 I/o | 2.04.00 |
| Application | Honeywell | Experion Process Knowledge System | r311.2 |
| Hardware | Honeywell | Falcon Xlweb Linux Controller | 2.04.01 |
| Hardware | Honeywell | Falcon Xlweb Xlwebexe | 2.02.11 |
| Operating System | Honeywell | H2w2gr1 | - |
| Operating System | Honeywell | H2w2gr1 Firmware | - |
| Hardware | Honeywell | H2w2pc1m | - |