CVSS: 6.8EPSS: 0%CPEs: 22EXPL: 0CVE-2018-14825
https://notcve.org/view.php?id=CVE-2018-14825
24 Sep 2018 — On Honeywell Mobile Computers (CT60 running Android OS 7.1, CN80 running Android OS 7.1, CT40 running Android OS 7.1, CK75 running Android OS 6.0, CN75 running Android OS 6.0, CN75e running Android OS 6.0, CT50 running Android OS 6.0, D75e running Android OS 6.0, CT50 running Android OS 4.4, D75e running Android OS 4.4, CN51 running Android OS 6.0, EDA50k running Android 4.4, EDA50 running Android OS 7.1, EDA50k running Android OS 7.1, EDA70 running Android OS 7.1, EDA60k running Android OS 7.1, and EDA51 r... • http://www.securityfocus.com/bid/105767 • CWE-269: Improper Privilege Management CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-8714
https://notcve.org/view.php?id=CVE-2018-8714
17 May 2018 — Honeywell MatrikonOPC OPC Controller before 5.1.0.0 allows local users to transfer arbitrary files from a host computer and consequently obtain sensitive information via vectors related to MSXML libraries. Honeywell MatrikonOPC OPC Controller en versiones anteriores a la 5.1.0.0 permite que usuarios locales transfieran archivos arbitrarios de un ordenador invitado y obtengan información sensible mediante vectores relacionados con las bibliotecas MSXML. • http://www.securityfocus.com/bid/104157 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 24%CPEs: 14EXPL: 1CVE-2017-14263
https://notcve.org/view.php?id=CVE-2017-14263
11 Sep 2017 — Honeywell NVR devices allow remote attackers to create a user account in the admin group by leveraging access to a guest account to obtain a session ID, and then sending that session ID in a userManager.addUser request to the /RPC2 URI. The attacker can login to the device with that new user account to fully control the device. Los dispositivos NVR de Honeywell permiten a los atacantes remotos crear una cuenta de usuario en el grupo admin accediendo a la cuenta guest para obtener un ID de sesión y luego env... • https://github.com/zzz66686/CVE-2017-14263 • CWE-384: Session Fixation •
CVSS: 8.8EPSS: 0%CPEs: 14EXPL: 3CVE-2017-5671 – Intermec PM43 Industrial Printer - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2017-5671
28 Mar 2017 — Honeywell Intermec PM23, PM42, PM43, PC23, PC43, PD43, and PC42 industrial printers before 10.11.013310 and 10.12.x before 10.12.013309 have /usr/bin/lua installed setuid to the itadmin account, which allows local users to conduct a BusyBox jailbreak attack and obtain root privileges by overwriting the /etc/shadow file. Impresoras industriales Honeywell Intermec PM23, PM42, PM43, PC23, PC43, PD43 y PC42 en versiones anteriores a 10.11.013310 y 10.12.x en versiones anteriores a 10.12.013309 tienen /usr/bin/l... • https://packetstorm.news/files/id/141915 • CWE-269: Improper Privilege Management •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2017-5139
https://notcve.org/view.php?id=CVE-2017-5139
13 Feb 2017 — An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Any user is able to disclose a password by accessing a specific URL, because of Plaintext Storage of a Password. Ha sido descubierto un problema en el controlador XL1000C500 XLWebExe-2-01-00 de XLWebExe-2 y anteriores y XLWebExe-1-02-08 y anteriores de XLWebExe-1-02-08 de Honeywell XL Web II. Cualquier usuario puede revelar una contraseña accediendo a una URL específica,... • http://www.securityfocus.com/bid/95971 • CWE-522: Insufficiently Protected Credentials •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2017-5140
https://notcve.org/view.php?id=CVE-2017-5140
13 Feb 2017 — An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Password is stored in clear text. Ha sido descubierto un problema en el controlador XL1000C500 XLWebExe-2-01-00 de XLWebExe-2 y anteriores y XLWebExe-1-02-08 y anteriores de XLWebExe-1-02-08 de Honeywell XL Web. La contraseña se almacena en texto plano. • http://www.securityfocus.com/bid/95971 • CWE-522: Insufficiently Protected Credentials •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2017-5141
https://notcve.org/view.php?id=CVE-2017-5141
13 Feb 2017 — An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. An attacker can establish a new user session, without invalidating any existing session identifier, which gives the opportunity to steal authenticated sessions (SESSION FIXATION). Ha sido descubierto un problema en el controlador XL1000C500 XLWebExe-2-01-00 de XLWebExe-2 y anteriores y XLWebExe-1-02-08 y anteriores de XLWebExe-1-02-08 de Honeywell XL Web. Un atacante pue... • http://www.securityfocus.com/bid/95971 • CWE-384: Session Fixation •
CVSS: 9.1EPSS: 0%CPEs: 3EXPL: 0CVE-2017-5142
https://notcve.org/view.php?id=CVE-2017-5142
13 Feb 2017 — An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. A user with low privileges is able to open and change the parameters by accessing a specific URL because of Improper Privilege Management. Ha sido descubierto un problema en el controlador XL1000C500 XLWebExe-2-01-00 de XLWebExe-2 y anteriores y XLWebExe-1-02-08 y anteriores de XLWebExe-1-02-08 de Honeywell XL Web. Un usuario con privilegios bajos puede abrir y cambiar l... • http://www.securityfocus.com/bid/95971 • CWE-269: Improper Privilege Management •
CVSS: 8.6EPSS: 3%CPEs: 3EXPL: 0CVE-2017-5143
https://notcve.org/view.php?id=CVE-2017-5143
13 Feb 2017 — An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. A user without authenticating can make a directory traversal attack by accessing a specific URL. Ha sido descubierto un problema en el controlador XL1000C500 XLWebExe-2-01-00 de XLWebExe-2 y anteriores y XLWebExe-1-02-08 y anteriores de XLWebExe-1-02-08 de Honeywell XL Web. Un usuario sin autenticación puede realizar un ataque de desplazamiento de directorios accediendo ... • http://www.securityfocus.com/bid/95971 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2016-8344
https://notcve.org/view.php?id=CVE-2016-8344
13 Feb 2017 — An issue was discovered in Honeywell Experion Process Knowledge System (PKS) platform: Experion PKS, Release 3xx and prior, Experion PKS, Release 400, Experion PKS, Release 410, Experion PKS, Release 430, and Experion PKS, Release 431. Experion PKS does not properly validate input. By sending a specially crafted packet, an attacker could cause the process to terminate. A successful exploit would prevent firmware uploads to the Series-C devices. Ha sido descubierto un problema en la plataforma Honeywell Expe... • http://www.securityfocus.com/bid/93950 • CWE-20: Improper Input Validation •