Honeywell: Security Vulnerabilities
Controller may be loaded with malicious firmware which could enable remote code execution. See Honeywell Security Notification for recommendations on upgrading and versioning.
CVSS Score: 9.8 | EPSS Score: 0.009 | Published: 2023-07-13
Controller DoS may occur due to buffer overflow when an error is generated in response to a specially crafted message. See Honeywell Security Notification for recommendations on upgrading and versioning.
CVSS Score: 9.8 | EPSS Score: 0.001 | Published: 2023-07-13
Experion server may experience a DoS due to a stack overflow when handling a specially crafted message.
CVSS Score: 7.5 | EPSS Score: 0.001 | Published: 2023-07-13
Experion server DoS due to heap overflow occurring during the handling of a specially crafted message for a specific configuration operation. See Honeywell Security Notification for recommendations on upgrading and versioning.
CVSS Score: 9.8 | EPSS Score: 0.001 | Published: 2023-07-13
Experion server may experience a DoS due to a heap overflow which could occur when handling a specially crafted message.
CVSS Score: 7.5 | EPSS Score: 0.0 | Published: 2023-07-13
Controller DoS due to stack overflow when decoding a message from the server. See Honeywell Security Notification for recommendations on upgrading and versioning.
CVSS Score: 9.8 | EPSS Score: 0.0 | Published: 2023-07-13
** UNSUPPORTED WHEN ASSIGNED ** [An attacker can capture an authenticating hash and utilize it to create new sessions. The hash is also a poorly salted MD5 hash, which could result in a successful brute force password attack. Impacted product is BCM-WEB version 3.3.X. Recommended fix: Upgrade to a supported product such as Alerton ACM.] Out of an abundance of caution, this CVE ID is being assigned to better serve our customers and ensure all who are still running this product understand that the product is end of life and should be removed or upgraded. 
CVSS Score: 8.3 | EPSS Score: 0.001 | Published: 2023-06-28
Use of Insufficiently Random Values in Honeywell OneWireless. This vulnerability may allow an attacker to manipulate claims in a client's JWT token. This issue affects OneWireless version 322.1.
CVSS Score: 6.2 | EPSS Score: 0.0 | Published: 2023-05-30
An attacker with physical access to WDM can plug in a USB device to gain access and execute unwanted commands. A malicious user could enter a system command along with a backup configuration, which could result in the execution of unwanted commands. This issue affects all OneWireless versions up to 322.1 and is fixed in version 322.2.
CVSS Score: 6.9 | EPSS Score: 0.0 | Published: 2023-05-30
Missing Authentication for Critical Function vulnerability in Honeywell OneWireless allows Authentication Bypass. This issue affects OneWireless version 322.1.
CVSS Score: 6.5 | EPSS Score: 0.0 | Published: 2023-05-30

