Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Honeywell Subscribe
Total 68 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-39364 1 Honeywell 4 Hbw2per1, Hbw2per1 Firmware, Hdzp252di and 1 more 2022-03-09 5.0 MEDIUM 7.5 HIGH
Honeywell HDZP252DI 1.00.HW02.4 and HBW2PER1 1.000.HW01.3 devices allow command spoofing (for camera control) after ARP cache poisoning has been achieved.
CVE-2012-0254 1 Honeywell 3 Enterprise Building Manager, Experion, Symmetre 2022-02-03 7.5 HIGH N/A
Stack-based buffer overflow in the HMIWeb Browser HSCDSPRenderDLL ActiveX control in Honeywell Process Solutions (HPS) Experion R2xx, R30x, R31x, and R400.x; Honeywell Building Solutions (HBS) Enterprise Building Manager R400 and R410.1; and Honeywell Environmental Combustion and Controls (ECC) SymmetrE R410.1 allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2019-13523 1 Honeywell 118 H2w2pc1m, H2w2pc1m Firmware, H2w2per3 and 115 more 2021-10-28 5.0 MEDIUM 5.3 MEDIUM
In Honeywell Performance IP Cameras and Performance NVRs, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data in JSON format for IP cameras and NVRs (Network Video Recorders), which can be accessed without authentication over the network. Affected performance IP Cameras: HBD3PR2,H4D3PRV3,HED3PR3,H4D3PRV2,HBD3PR1,H4W8PR2,HBW8PR2,H2W2PC1M,H2W4PER3,H2W2PER3,HEW2PER3,HEW4PER3B,HBW2PER1,HEW4PER2,HEW4PER2B,HEW2PER2,H4W2PER2,HBW2PER2,H4W2PER3, and HPW2P1. Affected Performance Series NVRs: HEN08104,HEN08144,HEN081124,HEN16104,HEN16144,HEN16184,HEN16204,HEN162244,HEN16284,HEN16304,HEN16384,HEN32104,HEN321124,HEN32204,HEN32284,HEN322164,HEN32304, HEN32384,HEN323164,HEN64204,HEN64304,HEN643164,HEN643324,HEN643484,HEN04103,HEN04113,HEN04123,HEN08103,HEN08113,HEN08123,HEN08143,HEN16103,HEN16123,HEN16143,HEN16163,HEN04103L,HEN08103L,HEN16103L,HEN32103L.
CVE-2007-2938 2 Honeywell, Microsoft 2 Ademco Atnbaseloader100 Module, Internet Explorer 2021-07-23 10.0 HIGH N/A
Buffer overflow in the BaseRunner ActiveX control in the Ademco ATNBaseLoader100 Module (ATNBaseLoader100.dll) 5.4.0.6, when Internet Explorer 6 is used, allows remote attackers to execute arbitrary code via a long argument to the (1) Send485CMD method, and possibly the (2) SetLoginID, (3) AddSite, (4) SetScreen, and (5) SetVideoServer methods.
CVE-2020-27295 1 Honeywell 1 Opc Ua Tunneller 2021-02-03 5.0 MEDIUM 7.5 HIGH
The affected product has uncontrolled resource consumption issues, which may allow an attacker to cause a denial-of-service condition on the OPC UA Tunneller (versions prior to 6.3.0.8233).
CVE-2020-27274 1 Honeywell 1 Opc Ua Tunneller 2021-02-03 5.0 MEDIUM 7.5 HIGH
Some parsing functions in the affected product do not check the return value of malloc and the thread handling the message is forced to close, which may lead to a denial-of-service condition on the OPC UA Tunneller (versions prior to 6.3.0.8233).
CVE-2020-27297 1 Honeywell 1 Opc Ua Tunneller 2021-02-03 7.5 HIGH 9.8 CRITICAL
The affected product is vulnerable to a heap-based buffer overflow, which may allow an attacker to manipulate memory with controlled values and remotely execute code on the OPC UA Tunneller (versions prior to 6.3.0.8233).
CVE-2020-27299 1 Honeywell 1 Opc Ua Tunneller 2021-02-03 6.4 MEDIUM 9.1 CRITICAL
The affected product is vulnerable to an out-of-bounds read, which may allow an attacker to obtain and disclose sensitive data information or cause the device to crash on the OPC UA Tunneller (versions prior to 6.3.0.8233).
CVE-2019-18226 1 Honeywell 128 H2w2gr1, H2w2gr1 Firmware, H2w2pc1m and 125 more 2020-09-28 7.5 HIGH 9.8 CRITICAL
Honeywell equIP series and Performance series IP cameras and recorders, A vulnerability exists in the affected products where IP cameras and recorders have a potential replay attack vulnerability as a weak authentication method is retained for compatibility with legacy products.
CVE-2019-18228 1 Honeywell 50 H2w2gr1, H2w2gr1 Firmware, H2w2pc1m and 47 more 2020-09-28 5.0 MEDIUM 7.5 HIGH
Honeywell equIP series IP cameras Multiple equIP Series Cameras, A vulnerability exists in the affected products where a specially crafted HTTP packet request could result in a denial of service.
CVE-2020-10628 1 Honeywell 4 Controledge Plc, Controledge Plc Firmware, Controledge Rtu and 1 more 2020-07-07 5.0 MEDIUM 7.5 HIGH
ControlEdge PLC (R130.2, R140, R150, and R151) and RTU (R101, R110, R140, R150, and R151) exposes unencrypted passwords on the network.
CVE-2020-10624 1 Honeywell 4 Controledge Plc, Controledge Plc Firmware, Controledge Rtu and 1 more 2020-07-07 5.0 MEDIUM 7.5 HIGH
ControlEdge PLC (R130.2, R140, R150, and R151) and RTU (R101, R110, R140, R150, and R151) exposes a session token on the network.
CVE-2020-6974 1 Honeywell 1 Notifier Webserver 2020-04-09 7.5 HIGH 9.8 CRITICAL
Honeywell Notifier Web Server (NWS) Version 3.50 is vulnerable to a path traversal attack, which allows an attacker to bypass access to restricted directories. Honeywell has released a firmware update to address the problem.
CVE-2020-7005 1 Honeywell 1 Win-pak 2020-03-27 6.8 MEDIUM 8.8 HIGH
In Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected product is vulnerable to a cross-site request forgery, which may allow an attacker to remotely execute arbitrary code.
CVE-2020-6972 1 Honeywell 1 Notifier Webserver 2020-03-27 6.4 MEDIUM 9.1 CRITICAL
In Notifier Web Server (NWS) Version 3.50 and earlier, the Honeywell Fire Web Server’s authentication may be bypassed by a capture-replay attack from a web browser.
CVE-2020-6978 1 Honeywell 1 Win-pak 2020-03-27 6.4 MEDIUM 7.2 HIGH
In Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected product is vulnerable due to the usage of old jQuery libraries.
CVE-2020-6982 1 Honeywell 1 Win-pak 2020-03-26 5.8 MEDIUM 8.8 HIGH
In Honeywell WIN-PAK 4.7.2, Web and prior versions, the header injection vulnerability has been identified, which may allow remote code execution.
CVE-2020-6968 1 Honeywell 2 Inncom Inncontrol, Inncom Inncontrol Firmware 2020-02-28 4.6 MEDIUM 7.8 HIGH
Honeywell INNCOM INNControl 3 allows workstation users to escalate application user privileges through the modification of local configuration files.
CVE-2020-6960 1 Honeywell 12 Hnmswvms, Hnmswvms Firmware, Hnmswvmslt and 9 more 2020-02-07 7.5 HIGH 9.8 CRITICAL
The following versions of MAXPRO VMS and NVR, MAXPRO VMS:HNMSWVMS prior to Version VMS560 Build 595 T2-Patch, HNMSWVMSLT prior to Version VMS560 Build 595 T2-Patch, MAXPRO NVR: MAXPRO NVR XE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR SE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR PE prior to Version NVR 5.6 Build 595 T2-Patch, and MPNVRSWXX prior to Version NVR 5.6 Build 595 T2-Patch contain an SQL injection vulnerability that could give an attacker remote unauthenticated access to the web user interface with administrator-level privileges.
CVE-2020-6959 1 Honeywell 12 Hnmswvms, Hnmswvms Firmware, Hnmswvmslt and 9 more 2020-02-05 7.5 HIGH 9.8 CRITICAL
The following versions of MAXPRO VMS and NVR, MAXPRO VMS:HNMSWVMS prior to Version VMS560 Build 595 T2-Patch, HNMSWVMSLT prior to Version VMS560 Build 595 T2-Patch, MAXPRO NVR: MAXPRO NVR XE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR SE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR PE prior to Version NVR 5.6 Build 595 T2-Patch, and MPNVRSWXX prior to Version NVR 5.6 Build 595 T2-Patch are vulnerable to an unsafe deserialization of untrusted data. An attacker may be able to remotely modify deserialized data without authentication using a specially crafted web request, resulting in remote code execution.