Lucene search

HoneywellCVELIST:CVE-2022-4240

HistoryMay 30, 2023 - 4:15 p.m.

CVE-2022-4240 Unauthenticated API allowing an attacker to obtain the information about network resources

2023-05-3016:15:50

CWE-306

Honeywell

www.cve.org

cve-2022-4240

unauthenticated api

information access

authentication bypass

honeywell onewireless

critical function vulnerability

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

0.002 Low

EPSS

Percentile

51.4%

JSON

Missing Authentication for Critical Function vulnerability in Honeywell OneWireless allows Authentication Bypass. This issue affects OneWireless version 322.1

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "OneWireless",
    "vendor": "Honeywell",
    "versions": [
      {
        "status": "affected",
        "version": "322.1"
      }
    ]
  }
]

References

process.honeywell.com/

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

0.002 Low

EPSS

Percentile

51.4%

JSON

Related for CVELIST:CVE-2022-4240