
CVE-2020-10624
https://notcve.org/view.php?id=CVE-2020-10624
26 Jun 2020 — ControlEdge PLC (R130.2, R140, R150, and R151) and RTU (R101, R110, R140, R150, and R151) expose a session token on the network. • https://www.us-cert.gov/ics/advisories/icsa-20-175-02 • CWE-319: Cleartext Transmission of Sensitive Information •

CVE-2020-10628
https://notcve.org/view.php?id=CVE-2020-10628
26 Jun 2020 — ControlEdge PLC (R130.2, R140, R150, and R151) and RTU (R101, R110, R140, R150, and R151) expose unencrypted passwords on the network. • https://www.us-cert.gov/ics/advisories/icsa-20-175-02 • CWE-319: Cleartext Transmission of Sensitive Information •

CVE-2020-6974
https://notcve.org/view.php?id=CVE-2020-6974
07 Apr 2020 — Honeywell Notifier Web Server (NWS) Version 3.50 is vulnerable to a path traversal attack, which allows an attacker to bypass access to restricted directories. Honeywell has released a firmware update to address the problem. • https://www.us-cert.gov/ics/advisories/icsa-20-051-03 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2020-6978
https://notcve.org/view.php?id=CVE-2020-6978
24 Mar 2020 — In Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected product is vulnerable due to the usage of old jQuery libraries. • https://www.us-cert.gov/ics/advisories/icsa-20-056-05 • CWE-477: Use of Obsolete Function •

CVE-2020-6982
https://notcve.org/view.php?id=CVE-2020-6982
24 Mar 2020 — In Honeywell WIN-PAK 4.7.2, Web and prior versions, a header injection vulnerability has been identified, which may allow remote code execution. • https://www.us-cert.gov/ics/advisories/icsa-20-056-05 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') • CWE-644: Improper Neutralization of HTTP Headers for Scripting Syntax •

CVE-2020-7005
https://notcve.org/view.php?id=CVE-2020-7005
24 Mar 2020 — In Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected product is vulnerable to a cross-site request forgery, which may allow an attacker to remotely execute arbitrary code. • https://www.us-cert.gov/ics/advisories/icsa-20-056-05 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2020-6972
https://notcve.org/view.php?id=CVE-2020-6972
24 Mar 2020 — In Notifier Web Server (NWS) Version 3.50 and earlier, the Honeywell Fire Web Server’s authentication may be bypassed by a capture-replay attack from a web browser. • https://www.us-cert.gov/ics/advisories/icsa-20-051-03 • CWE-294: Authentication Bypass by Capture-replay •

CVE-2020-6968
https://notcve.org/view.php?id=CVE-2020-6968
20 Feb 2020 — Honeywell INNCOM INNControl 3 allows workstation users to escalate application user privileges through the modification of local configuration files. • https://www.us-cert.gov/ics/advisories/icsa-20-049-01 • CWE-269: Improper Privilege Management •

CVE-2020-6960
https://notcve.org/view.php?id=CVE-2020-6960
22 Jan 2020 — The following versions of MAXPRO VMS and NVR, MAXPRO VMS:HNMSWVMS prior to Version VMS560 Build 595 T2-Patch, HNMSWVMSLT prior to Version VMS560 Build 595 T2-Patch, MAXPRO NVR: MAXPRO NVR XE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR SE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR PE prior to Version NVR 5.6 Build 595 T2-Patch, and MPNVRSWXX prior to Version NVR 5.6 Build 595 T2-Patch contain an SQL injection vulnerability that could give an attacker remote unauthenticated access to ... • https://www.us-cert.gov/ics/advisories/icsa-20-021-01 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2020-6959
https://notcve.org/view.php?id=CVE-2020-6959
22 Jan 2020 — The following versions of MAXPRO VMS and NVR, MAXPRO VMS:HNMSWVMS prior to Version VMS560 Build 595 T2-Patch, HNMSWVMSLT prior to Version VMS560 Build 595 T2-Patch, MAXPRO NVR: MAXPRO NVR XE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR SE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR PE prior to Version NVR 5.6 Build 595 T2-Patch, and MPNVRSWXX prior to Version NVR 5.6 Build 595 T2-Patch are vulnerable to an unsafe deserialization of untrusted data. An attacker may be able to remotely m... • https://www.us-cert.gov/ics/advisories/icsa-20-021-01 • CWE-502: Deserialization of Untrusted Data •