Honeywell
Products by Honeywell Sorted by Most Security Vulnerabilities since 2018
By the Year
In 2024 there have been 0 vulnerabilities in Honeywell . Last year Honeywell had 6 security vulnerabilities published. Right now, Honeywell is on track to have less security vulnerabilities in 2024 than it did last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 0 | 0.00 |
2023 | 6 | 7.55 |
2022 | 6 | 7.22 |
2021 | 0 | 0.00 |
2020 | 5 | 8.74 |
2019 | 0 | 0.00 |
2018 | 1 | 6.10 |
It may take a day or so for new Honeywell vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Honeywell Security Vulnerabilities
Honeywell ProWatch, 4.5, including all Service Pack versions, contain a Vulnerability in Application Server's executable folder(s)
CVE-2023-6179
7.8 - High
- November 17, 2023
Honeywell ProWatch, 4.5, including all Service Pack versions, contain a Vulnerability in Application Server's executable folder(s). A(n) attacker could potentially exploit this vulnerability, leading to a standard user to have arbitrary system code execution. Honeywell recommends updating to the most recent version of this product, service or offering (Pro-watch 6.0.2, 6.0, 5.5.2,5.0.5).
Incorrect Permission Assignment for Critical Resource
Server information leak of configuration data when an error is generated in response to a specially crafted message
CVE-2023-25948
7.5 - High
- July 13, 2023
Server information leak of configuration data when an error is generated in response to a specially crafted message. See Honeywell Security Notification for recommendations on upgrading and versioning.
Generation of Error Message Containing Sensitive Information
Experion server may experience a DoS due to a stack overflow when handling a specially crafted message.
CVE-2023-22435
7.5 - High
- July 13, 2023
Experion server may experience a DoS due to a stack overflow when handling a specially crafted message.
Memory Corruption
Experion server DoS due to heap overflow occurring during the handling of a specially crafted message for a specific configuration operation
CVE-2023-23585
7.5 - High
- July 13, 2023
Experion server DoS due to heap overflow occurring during the handling of a specially crafted message for a specific configuration operation. See Honeywell Security Notification for recommendations on upgrading and versioning.
Memory Corruption
Experion server may experience a DoS due to a heap overflow
CVE-2023-24474
7.5 - High
- July 13, 2023
Experion server may experience a DoS due to a heap overflow which could occur when handling a specially crafted message
Memory Corruption
Server or Console Station DoS due to heap overflow occurring during the handling of a specially crafted message for a specific configuration operation
CVE-2023-25078
7.5 - High
- July 13, 2023
Server or Console Station DoS due to heap overflow occurring during the handling of a specially crafted message for a specific configuration operation. See Honeywell Security Notification for recommendations on upgrading and versioning.
Memory Corruption
A local unprivileged attacker may escalate to administrator privileges in Honeywell SoftMaster version 4.51
CVE-2022-2332
7.8 - High
- September 16, 2022
A local unprivileged attacker may escalate to administrator privileges in Honeywell SoftMaster version 4.51, due to insecure permission assignment.
Incorrect Permission Assignment for Critical Resource
If an attacker manages to trick a valid user into loading a malicious DLL
CVE-2022-2333
7.8 - High
- September 16, 2022
If an attacker manages to trick a valid user into loading a malicious DLL, the attacker may be able to achieve code execution in Honeywell SoftMaster version 4.51 applications context and permissions.
DLL preloading
Saia Burgess Controls (SBC) PCD through 2022-05-06 uses a Broken or Risky Cryptographic Algorithm
CVE-2022-30320
4.3 - Medium
- July 28, 2022
Saia Burgess Controls (SBC) PCD through 2022-05-06 uses a Broken or Risky Cryptographic Algorithm. According to FSCT-2022-0063, there is a Saia Burgess Controls (SBC) PCD S-Bus weak credential hashing scheme issue. The affected components are characterized as: S-Bus (5050/UDP) authentication. The potential impact is: Authentication bypass. The Saia Burgess Controls (SBC) PCD controllers utilize the S-Bus protocol (5050/UDP) for a variety of engineering purposes. It is possible to configure a password in order to restrict access to sensitive engineering functionality. Authentication is done by using the S-Bus 'write byte' message to a specific address and supplying a hashed version of the password. The hashing algorithm used is based on CRC-16 and as such not cryptographically secure. An insecure hashing algorithm is used. An attacker capable of passively observing traffic can intercept the hashed credentials and trivially find collisions allowing for authentication without having to bruteforce a keyspace defined by the actual strength of the password. This allows the attacker access to sensitive engineering functionality such as uploading/downloading control logic and manipulating controller configuration.
Use of a Broken or Risky Cryptographic Algorithm
Saia Burgess Controls (SBC) PCD through 2022-05-06 allows Authentication bypass
CVE-2022-30319
8.1 - High
- July 28, 2022
Saia Burgess Controls (SBC) PCD through 2022-05-06 allows Authentication bypass. According to FSCT-2022-0062, there is a Saia Burgess Controls (SBC) PCD S-Bus authentication bypass issue. The affected components are characterized as: S-Bus (5050/UDP) authentication. The potential impact is: Authentication bypass. The Saia Burgess Controls (SBC) PCD controllers utilize the S-Bus protocol (5050/UDP) for a variety of engineering purposes. It is possible to configure a password in order to restrict access to sensitive engineering functionality. Authentication functions on the basis of a MAC/IP whitelist with inactivity timeout to which an authenticated client's MAC/IP is stored. UDP traffic can be spoofed to bypass the whitelist-based access control. Since UDP is stateless, an attacker capable of passively observing traffic can spoof arbitrary messages using the MAC/IP of an authenticated client. This allows the attacker access to sensitive engineering functionality such as uploading/downloading control logic and manipulating controller configuration.
Authentication Bypass by Spoofing
Honeywell Alerton Compass Software 1.6.5 allows unauthenticated configuration changes from remote users
CVE-2022-30245
6.5 - Medium
- July 15, 2022
Honeywell Alerton Compass Software 1.6.5 allows unauthenticated configuration changes from remote users. This enables configuration data to be stored on the controller and then implemented. A user with malicious intent can send a crafted packet to change the controller configuration without the knowledge of other users, altering the controller's function capabilities. The changed configuration is not updated in the User Interface, which creates an inconsistency between the configuration display and the actual configuration on the controller. After the configuration change, remediation requires reverting to the correct configuration, requiring either physical or remote access depending on the configuration that was altered.
Externally Controlled Reference to a Resource in Another Sphere
Matrikon, a subsidary of Honeywell Matrikon OPC Server (all versions) is vulnerable to a condition where a low privileged user
CVE-2022-1261
8.8 - High
- May 26, 2022
Matrikon, a subsidary of Honeywell Matrikon OPC Server (all versions) is vulnerable to a condition where a low privileged user allowed to connect to the OPC server to use the functions of the IPersisFile to execute operating system processes with system-level privileges.
Honeywell Notifier Web Server (NWS) Version 3.50 is vulnerable to a path traversal attack, which
CVE-2020-6974
9.8 - Critical
- April 07, 2020
Honeywell Notifier Web Server (NWS) Version 3.50 is vulnerable to a path traversal attack, which allows an attacker to bypass access to restricted directories. Honeywell has released a firmware update to address the problem.
Directory traversal
In Honeywell WIN-PAK 4.7.2, Web and prior versions, the header injection vulnerability has been identified, which may
CVE-2020-6982
8.8 - High
- March 24, 2020
In Honeywell WIN-PAK 4.7.2, Web and prior versions, the header injection vulnerability has been identified, which may allow remote code execution.
Injection
In Honeywell WIN-PAK 4.7.2
CVE-2020-6978
7.2 - High
- March 24, 2020
In Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected product is vulnerable due to the usage of old jQuery libraries.
In Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected product is vulnerable to a cross-site request forgery, which may
CVE-2020-7005
8.8 - High
- March 24, 2020
In Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected product is vulnerable to a cross-site request forgery, which may allow an attacker to remotely execute arbitrary code.
Session Riding
In Notifier Web Server (NWS) Version 3.50 and earlier, the Honeywell Fire Web Servers authentication may be bypassed by a capture-replay attack
CVE-2020-6972
9.1 - Critical
- March 24, 2020
In Notifier Web Server (NWS) Version 3.50 and earlier, the Honeywell Fire Web Servers authentication may be bypassed by a capture-replay attack from a web browser.
Authentication Bypass by Capture-replay
Honeywell MatrikonOPC OPC Controller before 5.1.0.0
CVE-2018-8714
6.1 - Medium
- May 17, 2018
Honeywell MatrikonOPC OPC Controller before 5.1.0.0 allows local users to transfer arbitrary files from a host computer and consequently obtain sensitive information via vectors related to MSXML libraries.
Information Disclosure
Stack-based buffer overflow in the HMIWeb Browser HSCDSPRenderDLL ActiveX control in Honeywell Process Solutions (HPS) Experion R2xx, R30x, R31x, and R400.x; Honeywell Building Solutions (HBS) Enterprise Building Manager R400 and R410.1; and Honeywell Environmental Combustion and Controls (ECC) SymmetrE R410.1
CVE-2012-0254
- September 08, 2012
Stack-based buffer overflow in the HMIWeb Browser HSCDSPRenderDLL ActiveX control in Honeywell Process Solutions (HPS) Experion R2xx, R30x, R31x, and R400.x; Honeywell Building Solutions (HBS) Enterprise Building Manager R400 and R410.1; and Honeywell Environmental Combustion and Controls (ECC) SymmetrE R410.1 allows remote attackers to execute arbitrary code via unspecified vectors.
Memory Corruption
Buffer overflow in the BaseRunner ActiveX control in the Ademco ATNBaseLoader100 Module (ATNBaseLoader100.dll) 5.4.0.6, when Internet Explorer 6 is used
CVE-2007-2938
- May 31, 2007
Buffer overflow in the BaseRunner ActiveX control in the Ademco ATNBaseLoader100 Module (ATNBaseLoader100.dll) 5.4.0.6, when Internet Explorer 6 is used, allows remote attackers to execute arbitrary code via a long argument to the (1) Send485CMD method, and possibly the (2) SetLoginID, (3) AddSite, (4) SetScreen, and (5) SetVideoServer methods.