Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
honeywell vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2015-2847
Honeywell Tuxedo Touch prior to 5.2.19.0_VA relies on client-side authentication involving JavaScript, which allows remote malicious users to bypass intended access restrictions by removing USERACCT requests from the client-server data stream.
Honeywell Tuxedo Touch
1 Article
605
VMScore
CVE-2015-2848
Cross-site request forgery (CSRF) vulnerability in Honeywell Tuxedo Touch prior to 5.2.19.0_VA allows remote malicious users to hijack the authentication of arbitrary users for requests associated with home-automation commands, as demonstrated by a door-unlock command.
Honeywell Tuxedo Touch
1 Article
320
VMScore
CVE-2018-8714
Honeywell MatrikonOPC OPC Controller prior to 5.1.0.0 allows local users to transfer arbitrary files from a host computer and consequently obtain sensitive information via vectors related to MSXML libraries.
Honeywell Matrikonopc Explorer
445
VMScore
CVE-2019-13525
In IP-AK2 Access Control Panel Version 1.04.07 and prior, the integrated web server of the affected devices could allow remote malicious users to obtain web configuration data, which can be accessed without authentication over the network.
Honeywell Ip-ak2 Firmware
NA
CVE-2023-6179
Honeywell ProWatch, 4.5, including all Service Pack versions, contain a Vulnerability in Application Server's executable folder(s). A(n) attacker could potentially exploit this vulnerability, leading to a standard user to have arbitrary system code execution. Honeywell recom...
Honeywell Prowatch 4.5
668
VMScore
CVE-2014-8269
Multiple stack-based buffer overflows in (1) HWOPOSScale.ocx and (2) HWOPOSSCANNER.ocx in Honeywell OPOS Suite prior to 1.13.4.15 allow remote malicious users to execute arbitrary code via a crafted file that is improperly handled by the Open method.
Honeywell Opos Suite
668
VMScore
CVE-2020-6974
Honeywell Notifier Web Server (NWS) Version 3.50 is vulnerable to a path traversal attack, which allows an malicious user to bypass access to restricted directories. Honeywell has released a firmware update to address the problem.
Honeywell Notifier Webserver
570
VMScore
CVE-2020-6978
In Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected product is vulnerable due to the usage of old jQuery libraries.
Honeywell Win-pak
516
VMScore
CVE-2020-6982
In Honeywell WIN-PAK 4.7.2, Web and prior versions, the header injection vulnerability has been identified, which may allow remote code execution.
Honeywell Win-pak
NA
CVE-2023-3243
** UNSUPPORTED WHEN ASSIGNED ** [An attacker can capture an authenticating hash and utilize it to create new sessions. The hash is also a poorly salted MD5 hash, which could result in a successful brute force password attack. Impacted product is BCM-WEB version 3.3.X. Recommende...
Honeywell Alerton Bcm-web Firmware -
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »