
CVE-2016-2280
https://notcve.org/view.php?id=CVE-2016-2280
21 Apr 2016 — Buffer overflow in RDISERVER in Honeywell Uniformance Process History Database (PHD) R310, R320, and R321 allows remote attackers to cause a denial of service (service outage) via unspecified vectors. • https://ics-cert.us-cert.gov/advisories/ICSA-16-070-02 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2015-7907
https://notcve.org/view.php?id=CVE-2015-7907
21 Dec 2015 — Directory traversal vulnerability in the web server on Honeywell Midas gas detectors before 1.13b3 and Midas Black gas detectors before 2.13b3 allows remote attackers to bypass authentication, and write to a configuration file or trigger a calibration or test, via unspecified vectors. • https://ics-cert.us-cert.gov/advisories/ICSA-15-309-02 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2015-7908
https://notcve.org/view.php?id=CVE-2015-7908
21 Dec 2015 — Honeywell Midas gas detectors before 1.13b3 and Midas Black gas detectors before 2.13b3 allow remote attackers to discover cleartext passwords by sniffing the network. • https://ics-cert.us-cert.gov/advisories/ICSA-15-309-02 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2015-2847
https://notcve.org/view.php?id=CVE-2015-2847
26 Jul 2015 — Honeywell Tuxedo Touch before 5.2.19.0_VA relies on client-side authentication involving JavaScript, which allows remote attackers to bypass intended access restrictions by removing USERACCT requests from the client-server data stream. • http://www.kb.cert.org/vuls/id/857948 • CWE-284: Improper Access Control

CVE-2015-2848
https://notcve.org/view.php?id=CVE-2015-2848
26 Jul 2015 — Cross-site request forgery (CSRF) vulnerability in Honeywell Tuxedo Touch before 5.2.19.0_VA allows remote attackers to hijack the authentication of arbitrary users for requests associated with home-automation commands, as demonstrated by a door-unlock command. • http://www.kb.cert.org/vuls/id/857948 • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2015-0984
https://notcve.org/view.php?id=CVE-2015-0984
31 Mar 2015 — Directory traversal vulnerability in the FTP server on Honeywell Excel Web XL1000C50 52 I/O, XL1000C100 104 I/O, XL1000C500 300 I/O, XL1000C1000 600 I/O, XL1000C50U 52 I/O UUKL, XL1000C100U 104 I/O UUKL, XL1000C500U 300 I/O UUKL, and XL1000C1000U 600 I/O UUKL controllers before 2.04.01 allows remote attackers to read files under the web root, and consequently obtain administrative login access, via a crafted pathname. • http://seclists.org/fulldisclosure/2015/Apr/79 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2014-8269 – Honeywell OPOS Suite HWOPOSScale.ocx Open Method Stack Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-8269
11 Dec 2014 — Multiple stack-based buffer overflows in (1) HWOPOSScale.ocx and (2) HWOPOSSCANNER.ocx in Honeywell OPOS Suite before 1.13.4.15 allow remote attackers to execute arbitrary code via a crafted file that is improperly handled by the Open method. • http://www.kb.cert.org/vuls/id/659684 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2014-2717 – Honeywell Falcon Administrative Bypass
https://notcve.org/view.php?id=CVE-2014-2717
24 Jul 2014 — Honeywell FALCON XLWeb Linux controller devices 2.04.01 and earlier and FALCON XLWeb XLWebExe controller devices 2.02.11 and earlier allow remote attackers to bypass authentication and obtain administrative access by visiting the change-password page. • http://ics-cert.us-cert.gov/advisories/ICSA-14-175-01

CVE-2014-3110 – Honeywell XL Web Controller - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2014-3110
24 Jul 2014 — Multiple cross-site scripting (XSS) vulnerabilities on Honeywell FALCON XLWeb Linux controller devices 2.04.01 and earlier and FALCON XLWeb XLWebExe controller devices 2.02.11 and earlier allow remote attackers to inject arbitrary web script or HTML via invalid input. • https://packetstorm.news/files/id/147863 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2013-0108 – Honeywell HSC Remote Deployer - ActiveX Remote Code Execution
https://notcve.org/view.php?id=CVE-2013-0108
24 Feb 2013 — An ActiveX control in HscRemoteDeploy.dll in Honeywell Enterprise Buildings Integrator (EBI) R310, R400.2, R410.1, and R410.2; SymmetrE R310, R410.1, and R410.2; ComfortPoint Open Manager (aka CPO-M) Station R100; and HMIWeb Browser client packages allows remote attackers to execute arbitrary code via a crafted HTML document. • https://www.exploit-db.com/exploits/24745 • CWE-94: Improper Control of Generation of Code ('Code Injection')