CVSS: 9.8 • EPSS: 0% • CPEs: 16 • EXPL: 0

Experion server DoS due to heap overflow occurring during the handling of a specially crafted message for a specific configuration operation. See Honeywell Security Notification for recommendations on upgrading and versioning. • https://process.honeywell.com • CWE-787: Out-of-bounds Write

CVSS: 7.5 • EPSS: 0% • CPEs: 16 • EXPL: 0

Experion server may experience a DoS due to a stack overflow when handling a specially crafted message. • https://process.honeywell.com • CWE-697: Incorrect Comparison • CWE-787: Out-of-bounds Write

CVSS: 9.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

[An attacker can capture an authenticating hash and utilize it to create new sessions. The hash is also a poorly salted MD5 hash, which could result in a successful brute force password attack. Impacted product is BCM-WEB version 3.3.X. Recommended fix: Upgrade to a supported product such as Alerton ACM.] Out of an abundance of caution, this CVE ID is being assigned to better serve our customers and ensure all who are still running this product understand that the product is end of life and should be removed or upgraded. • https://www.honeywell.com/us/en/product-security • CWE-290: Authentication Bypass by Spoofing • CWE-326: Inadequate Encryption Strength

CVSS: 6.9 • EPSS: 0% • CPEs: 2 • EXPL: 0

An attacker with physical access to WDM can plug in a USB device to gain access and execute unwanted commands. A malicious user could enter a system command along with a backup configuration, which could result in the execution of unwanted commands. This issue affects OneWireless all versions up to 322.1 and is fixed in version 322.2. • https://process.honeywell.com • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 6.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

Use of Insufficiently Random Values in Honeywell OneWireless. This vulnerability may allow an attacker to manipulate claims in a client's JWT token. This issue affects OneWireless version 322.1. • https://process.honeywell.com • CWE-330: Use of Insufficiently Random Values