CVSS: 9.1EPSS: 0%CPEs: 4EXPL: 0CVE-2023-5389
https://notcve.org/view.php?id=CVE-2023-5389
30 Jan 2024 — An attacker could potentially exploit this vulnerability, leading to the ability to modify files on Honeywell Experion ControlEdge VirtualUOC and ControlEdge UOC . This exploit could be used to write a file that may result in unexpected behavior based on configuration changes or updating of files that could result in subsequent execution of a malicious application if triggered. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on... • https://process.honeywell.com • CWE-749: Exposed Dangerous Method or Function •
CVSS: 10.0EPSS: 3%CPEs: 1EXPL: 0CVE-2023-51599 – Honeywell Saia PG5 Controls Suite Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-51599
20 Dec 2023 — Honeywell Saia PG5 Controls Suite Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ZIP files. The issue results from the lack of proper validation of a user-supplied path prior to using it in ... • https://www.zerodayinitiative.com/advisories/ZDI-23-1848 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51600 – Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-51600
20 Dec 2023 — Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XML files. Due to the improper restriction of XML External Entity (XXE) references, a cra... • https://www.zerodayinitiative.com/advisories/ZDI-23-1849 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51601 – Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-51601
20 Dec 2023 — Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of xml files. Due to the improper restriction of XML External Entity (XXE) references, a cra... • https://www.zerodayinitiative.com/advisories/ZDI-23-1850 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51602 – Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-51602
20 Dec 2023 — Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XML files. Due to the improper restriction of XML External Entity (XXE) references, a cra... • https://www.zerodayinitiative.com/advisories/ZDI-23-1851 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 10.0EPSS: 3%CPEs: 1EXPL: 0CVE-2023-51603 – Honeywell Saia PG5 Controls Suite CAB File Parsing Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-51603
20 Dec 2023 — Honeywell Saia PG5 Controls Suite CAB File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CAB files. The issue results from the lack of proper validation of a user-supplied path prio... • https://www.zerodayinitiative.com/advisories/ZDI-23-1852 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51604 – Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-51604
20 Dec 2023 — Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XML files. Due to the improper restriction of XML External Entity (XXE) references, a cra... • https://www.zerodayinitiative.com/advisories/ZDI-23-1853 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51605 – Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-51605
20 Dec 2023 — Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XML files. Due to the improper restriction of XML External Entity (XXE) references, a cra... • https://www.zerodayinitiative.com/advisories/ZDI-23-1854 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-6179 – Incorrect Permission assignment to program executable folders
https://notcve.org/view.php?id=CVE-2023-6179
17 Nov 2023 — Honeywell ProWatch, 4.5, including all Service Pack versions, contain a Vulnerability in Application Server's executable folder(s). A(n) attacker could potentially exploit this vulnerability, leading to a standard user to have arbitrary system code execution. Honeywell recommends updating to the most recent version of this product, service or offering (Pro-watch 6.0.2, 6.0, 5.5.2,5.0.5). Honeywell ProWatch 4.5, incluidas todas las versiones de Service Pack, contiene una vulnerabilidad en las carpetas ejecut... • https://buildings.honeywell.com/us/en/brands/our-brands/security/support-and-resources/product-resources/eol-and-security-notices • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-3712 – Potential user privilege escalation
https://notcve.org/view.php?id=CVE-2023-3712
12 Sep 2023 — Files or Directories Accessible to External Parties vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Privilege Escalation.This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006). Vulnerabilidad de Archivos o Directorios Accesibles a Partes Externas en Honeywell PM43 en 32 bits, ARM (Módulos de página web de impresora) permite la escalada de privilegios. Este prob... • https://github.com/vpxuser/CVE-2023-3712-POC • CWE-552: Files or Directories Accessible to External Parties •