Honeywell — Vulnerabilities & Security Advisories 70

Browse all 70 CVE security advisories affecting Honeywell. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Honeywell operates as a global technology and manufacturing conglomerate, primarily providing industrial automation, building technologies, and performance materials. With seventy recorded Common Vulnerabilities and Exposures (CVEs), its software and connected devices frequently exhibit vulnerabilities related to remote code execution, cross-site scripting, and privilege escalation. These flaws often stem from legacy industrial control systems or web-based management interfaces that lack rigorous input validation or secure authentication mechanisms. Notable security characteristics include the complexity of integrating disparate operational technology with IT networks, which expands the attack surface. While no single catastrophic incident dominates the public record comparable to major ransomware events, the cumulative risk involves potential disruption to critical infrastructure and building management systems. The company continues to address these technical debt issues through firmware updates and enhanced security protocols, though the historical prevalence of these vulnerability classes highlights ongoing challenges in securing legacy industrial environments against modern cyber threats.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2023-5397 | Honeywell Experion Server security vulnerability | Experion Server | CWE-20 | 8.1 | High | 2024-04-17 |
| CVE-2023-5396 | Honeywell Experion Server security vulnerability | Experion Server | CWE-805 | 7.4 | High | 2024-04-17 |
| CVE-2023-5395 | Honeywell Experion Server security vulnerability | Experion Server | CWE-121 | 8.1 | High | 2024-04-17 |
| CVE-2023-5394 | Honeywell Experion PKS security vulnerability | Experion Server | CWE-119 | 7.4 | High | 2024-04-11 |
| CVE-2023-5393 | Honeywell Experion PKS security vulnerability | Experion Server | CWE-130 | 7.4 | High | 2024-04-11 |
| CVE-2023-5392 | Honeywell C300 security vulnerability | C300 | CWE-1295 | 7.5 | High | 2024-04-11 |
| CVE-2023-1841 | Honeywell MPA2 Web Application XSS vulnerability | MPA2 Access Panel | CWE-79 | 8.1 | High | 2024-02-29 |
| CVE-2024-1309 | Resource Consumption Identified in NTP before 4.2.4p8 and 4.2.5 | Niagara Framework | CWE-400 | 6.5 | Medium | 2024-02-13 |
| CVE-2023-5390 | Honeywell Experion ControlEdge VirtualUOC and ControlEdge UOC security vulnerability | ControlEdge UOC | CWE-36 | 5.3 | Medium | 2024-01-31 |
| CVE-2023-5389 | Honeywell UOC security vulnerability | ControlEdge UOC | CWE-749 | 9.1 | Critical | 2024-01-30 |
| CVE-2023-6179 | Incorrect Permission assignment to program executable folders | ProWatch | CWE-732 | 7.8 | High | 2023-11-17 |
| CVE-2023-3712 | Potential user privilege escalation | PM23/43 | CWE-552 | 6.6 | Medium | 2023-09-12 |
| CVE-2023-3711 | Potential Predictable Session ID | PM23/43 | CWE-384 | 6.4 | Medium | 2023-09-12 |
| CVE-2023-3710 | Printer web page invalid command execution | PM23/43 | CWE-20 | 9.9 | Critical | 2023-09-12 |
| CVE-2023-25948 | Server Data type confusion - info leak | Experion Server | CWE-394 | 7.5 | High | 2023-07-13 |
| CVE-2023-26597 | Controller DOS on sending error response | C300 | CWE-400 | 7.5 | High | 2023-07-13 |
| CVE-2023-25770 | Controller stack overflow on decoding messages from the server | C300 | CWE-502 | 9.8 | Critical | 2023-07-13 |
| CVE-2023-25178 | Controller design flaw - unsigned firmware | C300 | CWE-345 | 9.8 | Critical | 2023-07-13 |
| CVE-2023-25078 | DoS due to heap overflow | Experion Server | CWE-787 | 9.8 | Critical | 2023-07-13 |
| CVE-2023-24480 | Controller stack overflow when decoding messages from the server | C300 | CWE-116 | 9.8 | Critical | 2023-07-13 |
| CVE-2023-24474 | Server deserialization missing boundary checks - heap overflow in communication between server and controller | Experion Server | CWE-122 | 7.5 | High | 2023-07-13 |
| CVE-2023-23585 | Server DoS due to heap overflow | Experion Server | CWE-787 | 9.8 | Critical | 2023-07-13 |
| CVE-2023-22435 | Server bad parsing implementation - stack overflow in server::get_db_path_for_driver | Experion Server | CWE-697 | 7.5 | High | 2023-07-13 |
| CVE-2022-46361 | Physical access to the WDM enables use of USB device to gain access to the WDM | OneWireless | CWE-77 | 6.9 | Medium | 2023-05-30 |
| CVE-2022-43485 | Insecure random number used for generating keys for signing Jwt tokens | OneWireless | CWE-330 | 6.2 | Medium | 2023-05-30 |
| CVE-2022-4240 | Unauthenticated API allowing an attacker to obtain the information about network resources | OneWireless | CWE-306 | 6.5 | Medium | 2023-05-30 |
| CVE-2021-38397 | Honeywell Experion PKS and ACE Controllers Unrestricted Upload of File with Dangerous Type | Experion PKS | CWE-434 | 10.0 | Critical | 2022-10-28 |
| CVE-2021-38395 | Honeywell Experion PKS and ACE Controllers Injection | Experion PKS | CWE-74 | 9.1 | Critical | 2022-10-28 |
| CVE-2021-38399 | Honeywell Experion PKS and ACE Controllers Relative Path Traversal | Experion PKS | CWE-23 | 7.5 | High | 2022-10-28 |
| CVE-2022-2332 | Honeywell SoftMaster Incorrect Permission Assignment for Critical Resource | SoftMaster | CWE-732 | 6.2 | Medium | 2022-09-16 |

This page lists every published CVE security advisory associated with Honeywell. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.