← Back

Honeywell

honeywell

102 CVEs • 377 products

Products (377)

Click to collapse
Toggle
Saia Pg5 Controls Suite
saia_pg5_controls_suite
9 CVEs
C300 Firmware
c300_firmware
7 CVEs
Experion Process Knowledge System
experion_process_knowledge_system
6 CVEs
Xl Web Ii Controller
xl_web_ii_controller
5 CVEs
Hbw2per1 Firmware
hbw2per1_firmware
5 CVEs
Hdzp252di Firmware
hdzp252di_firmware
5 CVEs
Experion Server
experion_server
5 CVEs
Experion Station
experion_station
5 CVEs
Engineering Station
engineering_station
5 CVEs
Direct Station
direct_station
5 CVEs
Hpw2p1 Firmware
hpw2p1_firmware
4 CVEs
Opc Ua Tunneller
opc_ua_tunneller
4 CVEs
Safety Manager Firmware
safety_manager_firmware
4 CVEs
Maxpro Nvr Se Firmware
maxpro_nvr_se_firmware
3 CVEs
Maxpro Nvr Xe Firmware
maxpro_nvr_xe_firmware
3 CVEs
Maxpro Nvr Pe Firmware
maxpro_nvr_pe_firmware
3 CVEs
H4w8pr2 Firmware
h4w8pr2_firmware
3 CVEs
Hbw8pr2 Firmware
hbw8pr2_firmware
3 CVEs
H2w2pc1m Firmware
h2w2pc1m_firmware
3 CVEs
H2w4per3 Firmware
h2w4per3_firmware
3 CVEs
H2w2per3 Firmware
h2w2per3_firmware
3 CVEs
Hew2per3 Firmware
hew2per3_firmware
3 CVEs
Hew4per3b Firmware
hew4per3b_firmware
3 CVEs
Hew4per2b Firmware
hew4per2b_firmware
3 CVEs
Hew2per2 Firmware
hew2per2_firmware
3 CVEs
H4w2per2 Firmware
h4w2per2_firmware
3 CVEs
Hbw2per2 Firmware
hbw2per2_firmware
3 CVEs
H4w2per3 Firmware
h4w2per3_firmware
3 CVEs
Hdzp304di Firmware
hdzp304di_firmware
3 CVEs
H2w2gr1 Firmware
h2w2gr1_firmware
3 CVEs
Win Pak
win-pak
3 CVEs
Controledge Plc Firmware
controledge_plc_firmware
3 CVEs
Controledge Rtu Firmware
controledge_rtu_firmware
3 CVEs
C200 Firmware
c200_firmware
3 CVEs
C200e Firmware
c200e_firmware
3 CVEs
Application Control Environment Firmware
application_control_environment_firmware
3 CVEs
Onewireless Network Wireless Device Manager Firmware
onewireless_network_wireless_device_manager_firmware
3 CVEs
Pm43 Firmware
pm43_firmware
3 CVEs
Lenels2 Netbox
lenels2_netbox
3 CVEs
Symmetre
symmetre
2 CVEs
Falcon Xlweb Linux Controller
falcon_xlweb_linux_controller
2 CVEs
Falcon Xlweb Xlwebexe
falcon_xlweb_xlwebexe
2 CVEs
Tuxedo Touch
tuxedo_touch
2 CVEs
Midas Black Firmware
midas_black_firmware
2 CVEs
Midas Firmware
midas_firmware
2 CVEs
H4w4per2 Firmware
h4w4per2_firmware
2 CVEs
H4w4per3 Firmware
h4w4per3_firmware
2 CVEs
Hbd2per1 Firmware
hbd2per1_firmware
2 CVEs
Hbw4per1 Firmware
hbw4per1_firmware
2 CVEs
Hbw4per2 Firmware
hbw4per2_firmware
2 CVEs
Hbw4pgr1 Firmware
hbw4pgr1_firmware
2 CVEs
Hed2per3 Firmware
hed2per3_firmware
2 CVEs
Hew4per3 Firmware
hew4per3_firmware
2 CVEs
H3w2gr1v Firmware
h3w2gr1v_firmware
2 CVEs
H3w4gr1v Firmware
h3w4gr1v_firmware
2 CVEs
H3w2gr1 Firmware
h3w2gr1_firmware
2 CVEs
H3w2gr2 Firmware
h3w2gr2_firmware
2 CVEs
H3w4gr1 Firmware
h3w4gr1_firmware
2 CVEs
H4l2gr1v Firmware
h4l2gr1v_firmware
2 CVEs
H4w2gr1 Firmware
h4w2gr1_firmware
2 CVEs
H4w2gr1v Firmware
h4w2gr1v_firmware
2 CVEs
H4w4gr1v Firmware
h4w4gr1v_firmware
2 CVEs
H4l2gr1 Firmware
h4l2gr1_firmware
2 CVEs
H4w2gr2 Firmware
h4w2gr2_firmware
2 CVEs
H4w4gr1 Firmware
h4w4gr1_firmware
2 CVEs
H4l6gr2 Firmware
h4l6gr2_firmware
2 CVEs
Hm4l8gr1 Firmware
hm4l8gr1_firmware
2 CVEs
H4d8gr1 Firmware
h4d8gr1_firmware
2 CVEs
Hbl2gr1v Firmware
hbl2gr1v_firmware
2 CVEs
Hbw2gr1v Firmware
hbw2gr1v_firmware
2 CVEs
Hbw2gr3v Firmware
hbw2gr3v_firmware
2 CVEs
Hbw4gr1v Firmware
hbw4gr1v_firmware
2 CVEs
Hbl6gr2 Firmware
hbl6gr2_firmware
2 CVEs
Hmbl8gr1 Firmware
hmbl8gr1_firmware
2 CVEs
Hbd8gr1 Firmware
hbd8gr1_firmware
2 CVEs
Hfd6gr1 Firmware
hfd6gr1_firmware
2 CVEs
Hfd8gr1 Firmware
hfd8gr1_firmware
2 CVEs
Hdz302liw Firmware
hdz302liw_firmware
2 CVEs
Hdz302lik Firmware
hdz302lik_firmware
2 CVEs
Hdz302de Firmware
hdz302de_firmware
2 CVEs
Hdz302d Firmware
hdz302d_firmware
2 CVEs
Hdz302din C1 Firmware
hdz302din-c1_firmware
2 CVEs
Hdz302din S1 Firmware
hdz302din-s1_firmware
2 CVEs
Hcl2gv Firmware
hcl2gv_firmware
2 CVEs
Hcl2g Firmware
hcl2g_firmware
2 CVEs
Hcw2g Firmware
hcw2g_firmware
2 CVEs
Hcw4g Firmware
hcw4g_firmware
2 CVEs
Hcd8g Firmware
hcd8g_firmware
2 CVEs
Hcw2gv Firmware
hcw2gv_firmware
2 CVEs
Mpnvrswxx Firmware
mpnvrswxx_firmware
2 CVEs
Hnmswvms Firmware
hnmswvms_firmware
2 CVEs
Hnmswvmslt Firmware
hnmswvmslt_firmware
2 CVEs
Notifier Webserver
notifier_webserver
2 CVEs
Alerton Ascent Control Module Firmware
alerton_ascent_control_module_firmware
2 CVEs
Softmaster
softmaster
2 CVEs
Controledge Unit Operations Controller Firmware
controledge_unit_operations_controller_firmware
2 CVEs
Controledge Virtual Unit Operations Controller Firmware
controledge_virtual_unit_operations_controller_firmware
2 CVEs
Ademco Atnbaseloader100 Module
ademco_atnbaseloader100_module
1 CVE
Scanserver Activex Control
scanserver_activex_control
1 CVE
Enterprise Building Manager
enterprise_building_manager
1 CVE

CVEs (102)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2025-2605
1Honeywell
2Mb Secure Firmware
Mb Secure Pro Firmware
May 17, 2025
May 2, 2025
N/A· v4
8.8 HIGH· v3
N/A· v2
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Honeywell MB-Secure allows Privilege Abuse. This issue affects MB-Secure: from V11.04 before V12.53 and MB-Secur...Show more
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Honeywell MB-Secure allows Privilege Abuse. This issue affects MB-Secure: from V11.04 before V12.53 and MB-Secure PRO from V01.06 before V03.09.Honeywell also recommends updating to the most recent version of this product.Show less
CVE-2024-46453
1Honeywell
1Iq3xcite Firmware
Mar 13, 2025
Sep 27, 2024
N/A· v4
6.1 MEDIUM· v3
N/A· v2
A cross-site scripting (XSS) vulnerability in the component /test/ of iq3xcite v2.31 to v3.05 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2024-2422
1Honeywell
1Lenels2 Netbox
Feb 2, 2026
May 30, 2024
9.3 CRITICAL· v4
8.8 HIGH· v3
N/A· v2
LenelS2 NetBox access control and event monitoring system was discovered to contain an authenticated RCE in versions prior to and including 5.6.1, which allows an attacker to execute malicious commands.
CVE-2024-2421
1Honeywell
1Lenels2 Netbox
Feb 2, 2026
May 30, 2024
9.3 CRITICAL· v4
9.8 CRITICAL· v3
N/A· v2
LenelS2 NetBox access control and event monitoring system was discovered to contain an unauthenticated RCE in versions prior to and including 5.6.1, which allows an attacker to execute malicious commands with elevated pe...Show more
LenelS2 NetBox access control and event monitoring system was discovered to contain an unauthenticated RCE in versions prior to and including 5.6.1, which allows an attacker to execute malicious commands with elevated permissions.Show less
CVE-2024-2420
1Honeywell
1Lenels2 Netbox
Feb 2, 2026
May 30, 2024
8.8 HIGH· v4
9.8 CRITICAL· v3
N/A· v2
LenelS2 NetBox access control and event monitoring system was discovered to contain Hardcoded Credentials in versions prior to and including 5.6.1 which allows an attacker to bypass authentication requirements.
CVE-2023-51605
1Honeywell
1Saia Pg5 Controls Suite
Mar 12, 2025
May 3, 2024
N/A· v4
6.5 MEDIUM· v3
N/A· v2
Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Honeywell S...Show more
Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XML files. Due to the improper restriction of XML External Entity (XXE) references, a crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of the current process. . Was ZDI-CAN-18644.Show less
CVE-2023-51604
1Honeywell
1Saia Pg5 Controls Suite
Mar 12, 2025
May 3, 2024
N/A· v4
6.5 MEDIUM· v3
N/A· v2
Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Honeywell S...Show more
Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XML files. Due to the improper restriction of XML External Entity (XXE) references, a crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of the current process. . Was ZDI-CAN-18593.Show less
CVE-2023-51603
1Honeywell
1Saia Pg5 Controls Suite
Mar 12, 2025
May 3, 2024
N/A· v4
8.8 HIGH· v3
N/A· v2
Honeywell Saia PG5 Controls Suite CAB File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Honeywell Saia...Show more
Honeywell Saia PG5 Controls Suite CAB File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CAB files. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current user. . Was ZDI-CAN-18592.Show less
CVE-2023-51602
1Honeywell
1Saia Pg5 Controls Suite
Mar 12, 2025
May 3, 2024
N/A· v4
6.5 MEDIUM· v3
N/A· v2
Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Honeywell S...Show more
Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XML files. Due to the improper restriction of XML External Entity (XXE) references, a crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of the current process. . Was ZDI-CAN-18591.Show less
CVE-2023-51601
1Honeywell
1Saia Pg5 Controls Suite
Mar 12, 2025
May 3, 2024
N/A· v4
6.5 MEDIUM· v3
N/A· v2
Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Honeywell S...Show more
Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of xml files. Due to the improper restriction of XML External Entity (XXE) references, a crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of the current process. . Was ZDI-CAN-18563.Show less
CVE-2023-51600
1Honeywell
1Saia Pg5 Controls Suite
Mar 12, 2025
May 3, 2024
N/A· v4
6.5 MEDIUM· v3
N/A· v2
Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Honeywell S...Show more
Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XML files. Due to the improper restriction of XML External Entity (XXE) references, a crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of the current process. . Was ZDI-CAN-18456.Show less
CVE-2023-51599
1Honeywell
1Saia Pg5 Controls Suite
Mar 12, 2025
May 3, 2024
N/A· v4
8.8 HIGH· v3
N/A· v2
Honeywell Saia PG5 Controls Suite Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Honeywell Saia PG5 Controls Sui...Show more
Honeywell Saia PG5 Controls Suite Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ZIP files. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current user. . Was ZDI-CAN-18412.Show less
CVE-2023-36483
1Honeywell
2Masmobile Asp.net Services
Masmobile Classic
Feb 25, 2026
Mar 16, 2024
N/A· v4
6.5 MEDIUM· v3
N/A· v2
Authorization bypass can be achieved by session ID prediction in MASmobile Classic Android  version 1.16.18 and earlier and MASmobile Classic iOS version 1.7.24 and earlier which allows remote attackers to retrieve se...Show more
Authorization bypass can be achieved by session ID prediction in MASmobile Classic Android  version 1.16.18 and earlier and MASmobile Classic iOS version 1.7.24 and earlier which allows remote attackers to retrieve sensitive data  including customer data, security system status, and event history.Show less
CVE-2023-1841
1Honeywell
1Mpa2 Firmware
Mar 4, 2025
Feb 29, 2024
N/A· v4
4.8 MEDIUM· v3
N/A· v2
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Honeywell MPA2 Access Panel (Web server modules) allows XSS Using Invalid Characters.This issue affects MPA2 Access Pa...Show more
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Honeywell MPA2 Access Panel (Web server modules) allows XSS Using Invalid Characters.This issue affects MPA2 Access Panel all version prior to R1.00.08.05.  Honeywell released firmware update package MPA2 firmware R1.00.08.05 which addresses this vulnerability. This version and all later versions correct the reported vulnerability. Show less
CVE-2024-1309
1Honeywell
1Niagara Framework
Nov 22, 2024
Feb 13, 2024
N/A· v4
7.5 HIGH· v3
N/A· v2
Uncontrolled Resource Consumption vulnerability in Honeywell Niagara Framework on Windows, Linux, QNX allows Content Spoofing.This issue affects Niagara Framework: before Niagara AX 3.8.1, before Niagara 4.1.
CVE-2023-5390
1Honeywell
2Controledge Unit Operations Controller Firmware
Controledge Virtual Unit Operations Controller Firmware
Nov 21, 2024
Jan 31, 2024
N/A· v4
5.3 MEDIUM· v3
N/A· v2
An attacker could potentially exploit this vulnerability, leading to files being read from the Honeywell Experion ControlEdge VirtualUOC and ControlEdge UOC. This exploit could be used to read files from the controller t...Show more
An attacker could potentially exploit this vulnerability, leading to files being read from the Honeywell Experion ControlEdge VirtualUOC and ControlEdge UOC. This exploit could be used to read files from the controller that may expose limited information from the device. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning.Show less
CVE-2023-5389
1Honeywell
2Controledge Unit Operations Controller Firmware
Controledge Virtual Unit Operations Controller Firmware
Nov 21, 2024
Jan 30, 2024
N/A· v4
7.5 HIGH· v3
N/A· v2
An attacker could potentially exploit this vulnerability, leading to the ability to modify files on Honeywell Experion ControlEdge VirtualUOC and ControlEdge UOC . This exploit could be used to write a file that may res...Show more
An attacker could potentially exploit this vulnerability, leading to the ability to modify files on Honeywell Experion ControlEdge VirtualUOC and ControlEdge UOC . This exploit could be used to write a file that may result in unexpected behavior based on configuration changes or updating of files that could result in subsequent execution of a malicious application if triggered. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning. Show less
CVE-2023-6179
1Honeywell
1Prowatch
Nov 21, 2024
Nov 17, 2023
N/A· v4
7.8 HIGH· v3
N/A· v2
Honeywell ProWatch, 4.5, including all Service Pack versions, contain a Vulnerability in Application Server's executable folder(s). A(n) attacker could potentially exploit this vulnerability, leading to a standard user t...Show more
Honeywell ProWatch, 4.5, including all Service Pack versions, contain a Vulnerability in Application Server's executable folder(s). A(n) attacker could potentially exploit this vulnerability, leading to a standard user to have arbitrary system code execution. Honeywell recommends updating to the most recent version of this product, service or offering (Pro-watch 6.0.2, 6.0, 5.5.2,5.0.5). Show less
CVE-2023-3712
1Honeywell
1Pm43 Firmware
Sep 12, 2025
Sep 12, 2023
N/A· v4
7.8 HIGH· v3
N/A· v2
Files or Directories Accessible to External Parties vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Privilege Escalation.This issue affects PM43 versions prior to P10.19.050004.  Update...Show more
Files or Directories Accessible to External Parties vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Privilege Escalation.This issue affects PM43 versions prior to P10.19.050004.  Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006).Show less
CVE-2023-3711
1Honeywell
1Pm43 Firmware
Sep 12, 2025
Sep 12, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Session Fixation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Session Credential Falsification through Prediction.This issue affects PM43 versions prior to P10.19.050004. Update to the...Show more
Session Fixation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Session Credential Falsification through Prediction.This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006).Show less