honeywell vulnerabilities and exploits
NA
CVE-2015-2847
Honeywell Tuxedo Touch prior to 5.2.19.0_VA relies on client-side authentication involving JavaScript, which allows remote malicious users to bypass intended access restrictions by removing USERACCT requests from the client-server data stream.
Honeywell Tuxedo Touch
1 Article
NA
CVE-2015-2848
Cross-site request forgery (CSRF) vulnerability in Honeywell Tuxedo Touch prior to 5.2.19.0_VA allows remote malicious users to hijack the authentication of arbitrary users for requests associated with home-automation commands, as demonstrated by a door-unlock command.
Honeywell Tuxedo Touch
1 Article
9.1
CVSSv3
CVE-2020-6972
In Notifier Web Server (NWS) Version 3.50 and previous versions, the Honeywell Fire Web Server’s authentication may be bypassed by a capture-replay attack from a web browser.
Honeywell Notifier Webserver
9.8
CVSSv3
CVE-2020-6974
Honeywell Notifier Web Server (NWS) Version 3.50 is vulnerable to a path traversal attack, which allows a malicious user to bypass access to restricted directories. Honeywell has released a firmware update to address the problem.
Honeywell Notifier Webserver
8.8
CVSSv3
CVE-2020-6982
In Honeywell WIN-PAK 4.7.2, Web and prior versions, a header injection vulnerability has been identified, which may allow remote code execution.
Honeywell Win-pak
8.8
CVSSv3
CVE-2020-7005
In Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected product is vulnerable to a cross-site request forgery, which may allow a malicious user to remotely execute arbitrary code.
Honeywell Win-pak
NA
CVE-2014-8269
Multiple stack-based buffer overflows in (1) HWOPOSScale.ocx and (2) HWOPOSSCANNER.ocx in Honeywell OPOS Suite prior to 1.13.4.15 allow remote malicious users to execute arbitrary code via a crafted file that is improperly handled by the Open method.
Honeywell Opos Suite
7.8
CVSSv3
CVE-2022-2333
If an attacker manages to trick a valid user into loading a malicious DLL, the attacker may be able to achieve code execution in Honeywell SoftMaster version 4.51 application’s context and permissions.
Honeywell Softmaster 4.51
1 Github repository
5.3
CVSSv3
CVE-2019-13525
In IP-AK2 Access Control Panel Version 1.04.07 and prior, the integrated web server of the affected devices could allow remote malicious users to obtain web configuration data, which can be accessed without authentication over the network.
Honeywell Ip-ak2 Firmware
7.2
CVSSv3
CVE-2020-6978
In Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected product is vulnerable due to the usage of old jQuery libraries.
Honeywell Win-pak