Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
honeywell vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2022-1261
Matrikon, a subsidary of Honeywell Matrikon OPC Server (all versions) is vulnerable to a condition where a low privileged user allowed to connect to the OPC server to use the functions of the IPersisFile to execute operating system processes with system-level privileges.
Honeywell Matrikon Opc Server
9.8
CVSSv3
CVE-2021-39363
Honeywell HDZP252DI 1.00.HW02.4 and HBW2PER1 1.000.HW01.3 devices allow a video replay attack after ARP cache poisoning has been achieved.
Honeywell Hdzp252di Firmware 1.00.hw02.4
Honeywell Hbw2per1 Firmware 1.000.hw01.3
7.5
CVSSv3
CVE-2021-39364
Honeywell HDZP252DI 1.00.HW02.4 and HBW2PER1 1.000.HW01.3 devices allow command spoofing (for camera control) after ARP cache poisoning has been achieved.
Honeywell Hdzp252di Firmware 1.00.hw02.4
Honeywell Hbw2per1 Firmware 1.000.hw01.3
7.5
CVSSv3
CVE-2020-27295
The affected product has uncontrolled resource consumption issues, which may allow an malicious user to cause a denial-of-service condition on the OPC UA Tunneller (versions before 6.3.0.8233).
Honeywell Opc Ua Tunneller
7.5
CVSSv3
CVE-2020-27274
Some parsing functions in the affected product do not check the return value of malloc and the thread handling the message is forced to close, which may lead to a denial-of-service condition on the OPC UA Tunneller (versions before 6.3.0.8233).
Honeywell Opc Ua Tunneller
9.8
CVSSv3
CVE-2020-27297
The affected product is vulnerable to a heap-based buffer overflow, which may allow an malicious user to manipulate memory with controlled values and remotely execute code on the OPC UA Tunneller (versions before 6.3.0.8233).
Honeywell Opc Ua Tunneller
9.1
CVSSv3
CVE-2020-27299
The affected product is vulnerable to an out-of-bounds read, which may allow an malicious user to obtain and disclose sensitive data information or cause the device to crash on the OPC UA Tunneller (versions before 6.3.0.8233).
Honeywell Opc Ua Tunneller
7.5
CVSSv3
CVE-2020-10624
ControlEdge PLC (R130.2, R140, R150, and R151) and RTU (R101, R110, R140, R150, and R151) exposes a session token on the network.
Honeywell Controledge Plc Firmware R130.2
Honeywell Controledge Plc Firmware R140
Honeywell Controledge Plc Firmware R150
Honeywell Controledge Plc Firmware R151
Honeywell Controledge Rtu Firmware R101
Honeywell Controledge Rtu Firmware R110
Honeywell Controledge Rtu Firmware R140
Honeywell Controledge Rtu Firmware R150
Honeywell Controledge Rtu Firmware R151
7.5
CVSSv3
CVE-2020-10628
ControlEdge PLC (R130.2, R140, R150, and R151) and RTU (R101, R110, R140, R150, and R151) exposes unencrypted passwords on the network.
Honeywell Controledge Plc Firmware R130.2
Honeywell Controledge Plc Firmware R140
Honeywell Controledge Plc Firmware R150
Honeywell Controledge Plc Firmware R151
Honeywell Controledge Rtu Firmware R101
Honeywell Controledge Rtu Firmware R110
Honeywell Controledge Rtu Firmware R140
Honeywell Controledge Rtu Firmware R150
Honeywell Controledge Rtu Firmware R151
9.8
CVSSv3
CVE-2020-6974
Honeywell Notifier Web Server (NWS) Version 3.50 is vulnerable to a path traversal attack, which allows an malicious user to bypass access to restricted directories. Honeywell has released a firmware update to address the problem.
Honeywell Notifier Webserver
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »