Aggregates CVE and security vulnerability intelligence across all Honeywell-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk xxe and vendor risk cross-site scripting and related problems; some flaws may lead to vendor impact memory corruption, affecting vendor surface software deployment scenarios.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-2605 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Honeywell MB-Secure allows Privilege Abuse. This issue affects MB-Secure: from V11.04 before V12.53 and MB-Secure PRO from V01.06 before V03.09.Honeywell also recommends updating to the most recent version of this product. | [email protected] | 9.9 | 0.82% | 2025-05-02 | 2025-05-17 |
| CVE-2024-46453 | A cross-site scripting (XSS) vulnerability in the component /test/ of iq3xcite v2.31 to v3.05 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | [email protected] | 6.1 | 0.17% | 2024-09-27 | 2025-03-13 |
| CVE-2024-2422 | LenelS2 NetBox access control and event monitoring system was discovered to contain an authenticated RCE in versions prior to and including 5.6.1, which allows an attacker to execute malicious commands. | [email protected] | 9.3 | 1.07% | 2024-05-30 | 2026-02-02 |
| CVE-2024-2421 | LenelS2 NetBox access control and event monitoring system was discovered to contain an unauthenticated RCE in versions prior to and including 5.6.1, which allows an attacker to execute malicious commands with elevated permissions. | [email protected] | 9.3 | 0.72% | 2024-05-30 | 2026-02-02 |
| CVE-2024-2420 | LenelS2 NetBox access control and event monitoring system was discovered to contain Hardcoded Credentials in versions prior to and including 5.6.1 which allows an attacker to bypass authentication requirements. | [email protected] | 8.8 | 0.07% | 2024-05-30 | 2026-02-02 |
| CVE-2023-51605 | Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XML files. Due to the improper restriction of XML External Entity (XXE) refe | [email protected] | 6.5 | 0.10% | 2024-05-03 | 2025-03-12 |
| CVE-2023-51604 | Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XML files. Due to the improper restriction of XML External Entity (XXE) refe | [email protected] | 6.5 | 0.11% | 2024-05-03 | 2025-03-12 |
| CVE-2023-51603 | Honeywell Saia PG5 Controls Suite CAB File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CAB files. The issue results from the lack of proper validation of a user-suppl | [email protected] | 8.8 | 2.48% | 2024-05-03 | 2025-03-12 |
| CVE-2023-51602 | Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XML files. Due to the improper restriction of XML External Entity (XXE) refe | [email protected] | 6.5 | 0.10% | 2024-05-03 | 2025-03-12 |
| CVE-2023-51601 | Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of xml files. Due to the improper restriction of XML External Entity (XXE) refe | [email protected] | 6.5 | 0.10% | 2024-05-03 | 2025-03-12 |
| CVE-2023-51600 | Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XML files. Due to the improper restriction of XML External Entity (XXE) refe | [email protected] | 6.5 | 0.11% | 2024-05-03 | 2025-03-12 |
| CVE-2023-51599 | Honeywell Saia PG5 Controls Suite Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ZIP files. The issue results from the lack of proper validation of a user-supplied path prior to | [email protected] | 8.8 | 2.48% | 2024-05-03 | 2025-03-12 |
| CVE-2023-36483 | Authorization bypass can be achieved by session ID prediction in MASmobile Classic Android version 1.16.18 and earlier and MASmobile Classic iOS version 1.7.24 and earlier which allows remote attackers to retrieve sensitive data including customer data, security system status, and event history. | [email protected] | 6.5 | 0.18% | 2024-03-16 | 2026-02-25 |
| CVE-2023-1841 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Honeywell MPA2 Access Panel (Web server modules) allows XSS Using Invalid Characters.This issue affects MPA2 Access Panel all version prior to R1.00.08.05. Honeywell released firmware update package MPA2 firmware R1.00.08.05 which addresses this vulnerability. This version and all later versions correct the reported vulnerability. | [email protected] | 8.1 | 0.31% | 2024-02-29 | 2025-03-04 |
| CVE-2024-1309 | Uncontrolled Resource Consumption vulnerability in Honeywell Niagara Framework on Windows, Linux, QNX allows Content Spoofing.This issue affects Niagara Framework: before Niagara AX 3.8.1, before Niagara 4.1. | [email protected] | 6.5 | 0.06% | 2024-02-13 | 2024-11-22 |
| CVE-2023-5390 | An attacker could potentially exploit this vulnerability, leading to files being read from the Honeywell Experion ControlEdge VirtualUOC and ControlEdge UOC. This exploit could be used to read files from the controller that may expose limited information from the device. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning. | [email protected] | 5.3 | 0.21% | 2024-01-31 | 2024-11-21 |
| CVE-2023-5389 | An attacker could potentially exploit this vulnerability, leading to the ability to modify files on Honeywell Experion ControlEdge VirtualUOC and ControlEdge UOC . This exploit could be used to write a file that may result in unexpected behavior based on configuration changes or updating of files that could result in subsequent execution of a malicious application if triggered. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recom | [email protected] | 9.1 | 0.13% | 2024-01-30 | 2024-11-21 |
| CVE-2023-6179 | Honeywell ProWatch, 4.5, including all Service Pack versions, contain a Vulnerability in Application Server's executable folder(s). A(n) attacker could potentially exploit this vulnerability, leading to a standard user to have arbitrary system code execution. Honeywell recommends updating to the most recent version of this product, service or offering (Pro-watch 6.0.2, 6.0, 5.5.2,5.0.5). | [email protected] | 7.8 | 0.04% | 2023-11-17 | 2024-11-21 |
| CVE-2023-3712 | Files or Directories Accessible to External Parties vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Privilege Escalation.This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006). | [email protected] | 6.6 | 0.06% | 2023-09-12 | 2025-09-12 |
| CVE-2023-3711 | Session Fixation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Session Credential Falsification through Prediction.This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006). | [email protected] | 6.4 | 0.12% | 2023-09-12 | 2025-09-12 |