Honeywell: Security Vulnerabilities
Honeywell HDZP252DI 1.00.HW02.4 and HBW2PER1 1.000.HW01.3 devices allow command spoofing (for camera control) after ARP cache poisoning has been achieved.
CVSS Score: 7.5; EPSS Score: 0.002; Published: 2022-02-24
The affected product has uncontrolled resource consumption issues, which may allow an attacker to cause a denial-of-service condition on the OPC UA Tunneller (versions prior to 6.3.0.8233).
CVSS Score: 7.5; EPSS Score: 0.003; Published: 2021-01-26
The affected product is vulnerable to an out-of-bounds read, which may allow an attacker to obtain and disclose sensitive information or cause the device to crash on the OPC UA Tunneller (versions prior to 6.3.0.8233).
CVSS Score: 9.1; EPSS Score: 0.002; Published: 2021-01-26
Some parsing functions in the affected product do not check the return value of malloc and the thread handling the message is forced to close, which may lead to a denial-of-service condition on the OPC UA Tunneller (versions prior to 6.3.0.8233).
CVSS Score: 7.5; EPSS Score: 0.004; Published: 2021-01-26
The affected product is vulnerable to a heap-based buffer overflow, which may allow an attacker to manipulate memory with controlled values and remotely execute code on the OPC UA Tunneller (versions prior to 6.3.0.8233).
CVSS Score: 9.8; EPSS Score: 0.004; Published: 2021-01-26
ControlEdge PLC (R130.2, R140, R150, and R151) and RTU (R101, R110, R140, R150, and R151) expose unencrypted passwords on the network.
CVSS Score: 7.5; EPSS Score: 0.001; Published: 2020-06-26
ControlEdge PLC (R130.2, R140, R150, and R151) and RTU (R101, R110, R140, R150, and R151) expose a session token on the network.
CVSS Score: 7.5; EPSS Score: 0.001; Published: 2020-06-26
Honeywell Notifier Web Server (NWS) Version 3.50 is vulnerable to a path traversal attack, which allows an attacker to bypass access to restricted directories. Honeywell has released a firmware update to address the problem.
CVSS Score: 9.8; EPSS Score: 0.001; Published: 2020-04-07
In Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected product is vulnerable due to the usage of old jQuery libraries.
CVSS Score: 7.2; EPSS Score: 0.001; Published: 2020-03-24
In Honeywell WIN-PAK 4.7.2, Web and prior versions, a header injection vulnerability has been identified, which may allow remote code execution.
CVSS Score: 8.8; EPSS Score: 0.002; Published: 2020-03-24

