Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
honeywell vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2020-6974
Honeywell Notifier Web Server (NWS) Version 3.50 is vulnerable to a path traversal attack, which allows an malicious user to bypass access to restricted directories. Honeywell has released a firmware update to address the problem.
Honeywell Notifier Webserver
7.2
CVSSv3
CVE-2020-6978
In Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected product is vulnerable due to the usage of old jQuery libraries.
Honeywell Win-pak
8.8
CVSSv3
CVE-2020-7005
In Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected product is vulnerable to a cross-site request forgery, which may allow an malicious user to remotely execute arbitrary code.
Honeywell Win-pak
9.1
CVSSv3
CVE-2017-5142
An issue exists in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. A user with low privileges is able to open and change the parameters by accessing a specific URL because of Improper Privilege Management.
Honeywell Xl Web Ii Controller Xlwebexe-1-02-08
Honeywell Xl Web Ii Controller Xlwebexe-2-01-00
8.6
CVSSv3
CVE-2017-5143
An issue exists in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. A user without authenticating can make a directory traversal attack by accessing a specific URL.
Honeywell Xl Web Ii Controller Xlwebexe-1-02-08
Honeywell Xl Web Ii Controller Xlwebexe-2-01-00
9.8
CVSSv3
CVE-2017-5139
An issue exists in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Any user is able to disclose a password by accessing a specific URL, because of Plaintext Storage of a Password.
Honeywell Xl Web Ii Controller Xlwebexe-1-02-08
Honeywell Xl Web Ii Controller Xlwebexe-2-01-00
9.8
CVSSv3
CVE-2017-5140
An issue exists in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Password is stored in clear text.
Honeywell Xl Web Ii Controller Xlwebexe-1-02-08
Honeywell Xl Web Ii Controller Xlwebexe-2-01-00
6
CVSSv3
CVE-2017-5141
An issue exists in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. An attacker can establish a new user session, without invalidating any existing session identifier, which gives the opportunity to steal authenticate...
Honeywell Xl Web Ii Controller Xlwebexe-1-02-08
Honeywell Xl Web Ii Controller Xlwebexe-2-01-00
7.5
CVSSv3
CVE-2020-27295
The affected product has uncontrolled resource consumption issues, which may allow an malicious user to cause a denial-of-service condition on the OPC UA Tunneller (versions before 6.3.0.8233).
Honeywell Opc Ua Tunneller
9.1
CVSSv3
CVE-2020-27299
The affected product is vulnerable to an out-of-bounds read, which may allow an malicious user to obtain and disclose sensitive data information or cause the device to crash on the OPC UA Tunneller (versions before 6.3.0.8233).
Honeywell Opc Ua Tunneller
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30065
CVE-2024-5843
CVE-2024-30080
code execution
CVE-2024-4577
CVE-2024-26169
wireless
remote code execution
CVE-2024-36103
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »