CVE-2022-46361 – Physical access to the WDM enables use of USB device to gain access to the WDM
https://notcve.org/view.php?id=CVE-2022-46361
An attacker having physical access to WDM can plug USB device to gain access and execute unwanted commands. A malicious user could enter a system command along with a backup configuration, which could result in the execution of unwanted commands. This issue affects OneWireless all versions up to 322.1 and fixed in version 322.2. • https://process.honeywell.com • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2022-43485 – Insecure random number used for generating keys for signing Jwt tokens
https://notcve.org/view.php?id=CVE-2022-43485
Use of Insufficiently Random Values in Honeywell OneWireless. This vulnerability may allow attacker to manipulate claims in client's JWT token. This issue affects OneWireless version 322.1 • https://process.honeywell.com • CWE-330: Use of Insufficiently Random Values •
CVE-2022-4240 – Unauthenticated API allowing an attacker to obtain the information about network resources
https://notcve.org/view.php?id=CVE-2022-4240
Missing Authentication for Critical Function vulnerability in Honeywell OneWireless allows Authentication Bypass. This issue affects OneWireless version 322.1 • https://process.honeywell.com • CWE-306: Missing Authentication for Critical Function •