Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
honeywell vulnerabilities and exploits
(subscribe to this query)
6.4
CVSSv2
CVE-2020-6978
In Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected product is vulnerable due to the usage of old jQuery libraries.
Honeywell Win-pak
NA
CVE-2023-6179
Honeywell ProWatch, 4.5, including all Service Pack versions, contain a Vulnerability in Application Server's executable folder(s). A(n) attacker could potentially exploit this vulnerability, leading to a standard user to have arbitrary system code execution. Honeywell recom...
Honeywell Prowatch 4.5
NA
CVE-2023-3243
** UNSUPPORTED WHEN ASSIGNED ** [An attacker can capture an authenticating hash and utilize it to create new sessions. The hash is also a poorly salted MD5 hash, which could result in a successful brute force password attack. Impacted product is BCM-WEB version 3.3.X. Recommende...
Honeywell Alerton Bcm-web Firmware -
6.8
CVSSv2
CVE-2015-2848
Cross-site request forgery (CSRF) vulnerability in Honeywell Tuxedo Touch prior to 5.2.19.0_VA allows remote malicious users to hijack the authentication of arbitrary users for requests associated with home-automation commands, as demonstrated by a door-unlock command.
Honeywell Tuxedo Touch
1 Article
7.5
CVSSv2
CVE-2014-8269
Multiple stack-based buffer overflows in (1) HWOPOSScale.ocx and (2) HWOPOSSCANNER.ocx in Honeywell OPOS Suite prior to 1.13.4.15 allow remote malicious users to execute arbitrary code via a crafted file that is improperly handled by the Open method.
Honeywell Opos Suite
7.5
CVSSv2
CVE-2020-6974
Honeywell Notifier Web Server (NWS) Version 3.50 is vulnerable to a path traversal attack, which allows an malicious user to bypass access to restricted directories. Honeywell has released a firmware update to address the problem.
Honeywell Notifier Webserver
5
CVSSv2
CVE-2019-13525
In IP-AK2 Access Control Panel Version 1.04.07 and prior, the integrated web server of the affected devices could allow remote malicious users to obtain web configuration data, which can be accessed without authentication over the network.
Honeywell Ip-ak2 Firmware
NA
CVE-2022-2332
A local unprivileged attacker may escalate to administrator privileges in Honeywell SoftMaster version 4.51, due to insecure permission assignment.
Honeywell Softmaster 4.51
5.8
CVSSv2
CVE-2020-6982
In Honeywell WIN-PAK 4.7.2, Web and prior versions, the header injection vulnerability has been identified, which may allow remote code execution.
Honeywell Win-pak
NA
CVE-2022-2333
If an attacker manages to trick a valid user into loading a malicious DLL, the attacker may be able to achieve code execution in Honeywell SoftMaster version 4.51 application’s context and permissions.
Honeywell Softmaster 4.51
1 Github repository
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49333
CVE-2024-33901
CVE-2024-36001
CVE-2024-2835
firewall
XPath injection
authentication bypass
CVE-2024-22120
CVE-2024-32002
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »