CVE-2022-4240 – Unauthenticated API allowing an attacker to obtain the information about network resources
https://notcve.org/view.php?id=CVE-2022-4240
Missing Authentication for Critical Function vulnerability in Honeywell OneWireless allows Authentication Bypass. This issue affects OneWireless version 322.1. • https://process.honeywell.com • CWE-306: Missing Authentication for Critical Function
CVE-2021-38397 – Honeywell Experion PKS and ACE Controllers Unrestricted Upload of File with Dangerous Type
https://notcve.org/view.php?id=CVE-2021-38397
Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to unrestricted file uploads, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition. • https://www.cisa.gov/uscert/ics/advisories/icsa-21-278-04 https://www.honeywellprocess.com/library/support/notifications/Customer/SN2021-02-22-01-Experion-C300-CCL.pdf • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2021-38395 – Honeywell Experion PKS and ACE Controllers Injection
https://notcve.org/view.php?id=CVE-2021-38395
Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to improper neutralization of special elements in output, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition. • https://www.cisa.gov/uscert/ics/advisories/icsa-21-278-04 https://www.honeywellprocess.com/library/support/notifications/Customer/SN2021-02-22-01-Experion-C300-CCL.pdf • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2021-38399 – Honeywell Experion PKS and ACE Controllers Relative Path Traversal
https://notcve.org/view.php?id=CVE-2021-38399
Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to relative path traversal, which may allow an attacker access to unauthorized files and directories. • https://www.cisa.gov/uscert/ics/advisories/icsa-21-278-04 https://www.honeywellprocess.com/library/support/notifications/Customer/SN2021-02-22-01-Experion-C300-CCL.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') • CWE-23: Relative Path Traversal
CVE-2022-2332 – Honeywell SoftMaster Incorrect Permission Assignment for Critical Resource
https://notcve.org/view.php?id=CVE-2022-2332
A local unprivileged attacker may escalate to administrator privileges in Honeywell SoftMaster version 4.51, due to insecure permission assignment. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-256-02 https://www.security.honeywell.com/-/media/Security/Resources/PDF/Product-Warranty/Security_Notification_SN_2019-09-13-02_V4-pdf.pdf • CWE-732: Incorrect Permission Assignment for Critical Resource