
CVE-2023-5878 – OneWireless command injection possible when updating firmware
https://notcve.org/view.php?id=CVE-2023-5878
06 Feb 2025 — Honeywell OneWireless Wireless Device Manager (WDM) for the following versions R310.x, R320.x, R321.x, R322.1, R322.2, R323.x, R330.1 contains a command injection vulnerability. An attacker who is authenticated could use the firmware update process to potentially exploit the vulnerability, leading to a command injection. Honeywell recommends updating to R322.3, R330.2 or the most recent version of this product. • https://process.honeywell.com • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVE-2024-46453
https://notcve.org/view.php?id=CVE-2024-46453
27 Sep 2024 — A cross-site scripting (XSS) vulnerability in the component /test/ of iq3xcite v2.31 to v3.05 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. • https://github.com/nosmo-gla/iq3xcite-XSS-2.31-3.05/tree/main • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-6620
https://notcve.org/view.php?id=CVE-2024-6620
29 Jul 2024 — Honeywell PC42t, PC42tp, and PC42d Printers, T10.19.020016 to T10.20.060398, contain a cross-site scripting vulnerability. An attacker could potentially inject malicious code which may lead to information disclosure, session theft, or client-side request forgery. Honeywell recommends updating to the most recent version of this firmware, PC42 Printer Firmware Version 20.6 T10.20.060398. • https://sps.honeywell.com/us/en/support/productivity/cyber-security-notifications • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-602: Client-Side Enforcement of Server-Side Security •

CVE-2023-5407
https://notcve.org/view.php?id=CVE-2023-5407
17 Apr 2024 — Controller denial of service due to improper handling of a specially crafted message received by the controller. See Honeywell Security Notification for recommendations on upgrading and versioning. • https://process.honeywell.com • CWE-121: Stack-based Buffer Overflow •

CVE-2023-5406
https://notcve.org/view.php?id=CVE-2023-5406
17 Apr 2024 — Server communication with a controller can lead to remote code execution using a specially crafted message from the controller. See Honeywell Security Notification for recommendations on upgrading and versioning. • https://process.honeywell.com • CWE-787: Out-of-bounds Write •

CVE-2023-5405
https://notcve.org/view.php?id=CVE-2023-5405
17 Apr 2024 — Server information leak for the CDA Server process memory can occur when an error is generated in response to a specially crafted message. See Honeywell Security Notification for recommendations on upgrading and versioning. • https://process.honeywell.com • CWE-787: Out-of-bounds Write •

CVE-2023-5404
https://notcve.org/view.php?id=CVE-2023-5404
17 Apr 2024 — Server receiving a malformed message can cause a pointer to be overwritten which can result in a remote code execution or failure. See Honeywell Security Notification for recommendations on upgrading and versioning. • https://process.honeywell.com • CWE-122: Heap-based Buffer Overflow •

CVE-2023-5403
https://notcve.org/view.php?id=CVE-2023-5403
17 Apr 2024 — Server hostname translation to IP address manipulation which could lead to an attacker performing remote code execution or causing a failure. See Honeywell Security Notification for recommendations on upgrading and versioning. • https://process.honeywell.com • CWE-121: Stack-based Buffer Overflow •

CVE-2023-5401
https://notcve.org/view.php?id=CVE-2023-5401
17 Apr 2024 — Server receiving a malformed message based on using the specified key values can cause a stack overflow vulnerability which could lead to an attacker performing remote code execution or causing a failure. See Honeywell Security Notification for recommendations on upgrading and versioning. • https://process.honeywell.com • CWE-121: Stack-based Buffer Overflow •

CVE-2023-5400
https://notcve.org/view.php?id=CVE-2023-5400
17 Apr 2024 — Server receiving a malformed message based on using the specified key values can cause a heap overflow vulnerability which could lead to an attacker performing remote code execution or causing a failure. See Honeywell Security Notification for recommendations on upgrading and versioning. • https://process.honeywell.com • CWE-122: Heap-based Buffer Overflow •