3 results (0.002 seconds)

CVSS: 6.9EPSS: 0%CPEs: 2EXPL: 0

An attacker having physical access to WDM can plug USB device to gain access and execute unwanted commands. A malicious user could enter a system command along with a backup configuration, which could result in the execution of unwanted commands. This issue affects OneWireless all versions up to 322.1 and fixed in version 322.2. • https://process.honeywell.com • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0

Use of Insufficiently Random Values in Honeywell OneWireless. This vulnerability may allow attacker to manipulate claims in client's JWT token. This issue affects OneWireless version 322.1 • https://process.honeywell.com • CWE-330: Use of Insufficiently Random Values •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

Missing Authentication for Critical Function vulnerability in Honeywell OneWireless allows Authentication Bypass. This issue affects OneWireless version 322.1 • https://process.honeywell.com • CWE-306: Missing Authentication for Critical Function •