Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

honeywell

Source -

ADPNVD

BOS Name -

Honeywell International Inc.

CNA CVEs -

0

ADP CVEs -

19

CISA CVEs -

0

NVD CVEs -

98
Related CVEsRelated ProductsRelated AssignersReports
108Vulnerabilities found
CVE-2015-0984
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-10||HIGH
EPSS-0.77% / 72.56%
||
7 Day CHG~0.00%
Published-31 Mar, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in the FTP server on Honeywell Excel Web XL1000C50 52 I/O, XL1000C100 104 I/O, XL1000C500 300 I/O, XL1000C1000 600 I/O, XL1000C50U 52 I/O UUKL, XL1000C100U 104 I/O UUKL, XL1000C500U 300 I/O UUKL, and XL1000C1000U 600 I/O UUKL controllers before 2.04.01 allows remote attackers to read files under the web root, and consequently obtain administrative login access, via a crafted pathname.

Action-Not Available
Vendor-n/aHoneywell International Inc.
Product-excel_web_xl_1000c500_300_i\/o_uuklexcel_web_xl_1000c50u_52_i\/o_uuklexcel_web_xl_1000c50_52_i\/oexcel_web_xl_1000c1000_600_i\/o_uuklexcel_web_xl_1000c100_104_i\/oexcel_web_xl_1000c1000_600_i\/oexcel_web_xl_1000c500_300_i\/oexcel_web_xl_1000c100u_104_i\/o_uukln/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2014-8269
Assigner-CERT/CC
ShareView Details
Assigner-CERT/CC
CVSS Score-7.5||HIGH
EPSS-6.16% / 90.46%
||
7 Day CHG~0.00%
Published-13 Dec, 2014 | 00:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple stack-based buffer overflows in (1) HWOPOSScale.ocx and (2) HWOPOSSCANNER.ocx in Honeywell OPOS Suite before 1.13.4.15 allow remote attackers to execute arbitrary code via a crafted file that is improperly handled by the Open method.

Action-Not Available
Vendor-n/aHoneywell International Inc.
Product-opos_suiten/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-3110
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-2.83% / 85.65%
||
7 Day CHG~0.00%
Published-24 Jul, 2014 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities on Honeywell FALCON XLWeb Linux controller devices 2.04.01 and earlier and FALCON XLWeb XLWebExe controller devices 2.02.11 and earlier allow remote attackers to inject arbitrary web script or HTML via invalid input.

Action-Not Available
Vendor-n/aHoneywell International Inc.
Product-falcon_xlweb_linux_controllerfalcon_xlweb_xlwebexen/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-2717
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.6||HIGH
EPSS-0.42% / 61.11%
||
7 Day CHG~0.00%
Published-24 Jul, 2014 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Honeywell FALCON XLWeb Linux controller devices 2.04.01 and earlier and FALCON XLWeb XLWebExe controller devices 2.02.11 and earlier allow remote attackers to bypass authentication and obtain administrative access by visiting the change-password page.

Action-Not Available
Vendor-n/aHoneywell International Inc.
Product-falcon_xlweb_linux_controllerfalcon_xlweb_xlwebexen/a
CVE-2013-0108
Assigner-CERT/CC
ShareView Details
Assigner-CERT/CC
CVSS Score-6.8||MEDIUM
EPSS-61.43% / 98.26%
||
7 Day CHG~0.00%
Published-24 Feb, 2013 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An ActiveX control in HscRemoteDeploy.dll in Honeywell Enterprise Buildings Integrator (EBI) R310, R400.2, R410.1, and R410.2; SymmetrE R310, R410.1, and R410.2; ComfortPoint Open Manager (aka CPO-M) Station R100; and HMIWeb Browser client packages allows remote attackers to execute arbitrary code via a crafted HTML document.

Action-Not Available
Vendor-n/aHoneywell International Inc.
Product-symmetreenterprise_buildings_integratorcomfortpoint_open_manager_stationn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2012-0254
Assigner-CERT/CC
ShareView Details
Assigner-CERT/CC
CVSS Score-7.5||HIGH
EPSS-2.58% / 85.01%
||
7 Day CHG~0.00%
Published-08 Sep, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in the HMIWeb Browser HSCDSPRenderDLL ActiveX control in Honeywell Process Solutions (HPS) Experion R2xx, R30x, R31x, and R400.x; Honeywell Building Solutions (HBS) Enterprise Building Manager R400 and R410.1; and Honeywell Environmental Combustion and Controls (ECC) SymmetrE R410.1 allows remote attackers to execute arbitrary code via unspecified vectors.

Action-Not Available
Vendor-n/aHoneywell International Inc.
Product-experionenterprise_building_managersymmetren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2011-0331
Assigner-Flexera Software LLC
ShareView Details
Assigner-Flexera Software LLC
CVSS Score-9.3||HIGH
EPSS-3.01% / 86.07%
||
7 Day CHG~0.00%
Published-22 Mar, 2011 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the addOSPLext method in the Honeywell ScanServer ActiveX control 780.0.20.5 allows remote attackers to execute arbitrary code via a crafted HTML document.

Action-Not Available
Vendor-n/aHoneywell International Inc.
Product-scanserver_activex_controln/a
CVE-2007-2938
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-57.35% / 98.06%
||
7 Day CHG~0.00%
Published-31 May, 2007 | 00:00
Updated-07 Aug, 2024 | 13:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the BaseRunner ActiveX control in the Ademco ATNBaseLoader100 Module (ATNBaseLoader100.dll) 5.4.0.6, when Internet Explorer 6 is used, allows remote attackers to execute arbitrary code via a long argument to the (1) Send485CMD method, and possibly the (2) SetLoginID, (3) AddSite, (4) SetScreen, and (5) SetVideoServer methods.

Action-Not Available
Vendor-n/aMicrosoft CorporationHoneywell International Inc.
Product-internet_explorerademco_atnbaseloader100_modulen/a
  • Previous
  • 1
  • 2
  • 3
  • Next