28 matches found
EUVD-2023-58151
Malicious code in bioql PyPI...
EUVD-2022-46484
Malicious code in bioql PyPI...
EUVD-2022-51598
Malicious code in bioql PyPI...
CISA Releases Five Industrial Control Systems Advisories
CISA released five Industrial Control Systems ICS advisories on September 4, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-247-01 Honeywell OneWireless Wireless Device Manager WDM ICSA-25-217-01 Mitsubishi...
Honeywell OneWireless Wireless Device Manager (WDM)
RISK EVALUATION Successful exploitation of these vulnerabilities could result in information exposure, denial of service, or remote code execution. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:...
The vulnerability of the Honeywell OneWireless Wireless Device Manager (WDM) and the micro-programming software for Honeywell Experion PKS programmable logic controllers arises from the occurrence of an operation outside the buffer in memory, allowing a intruder to execute arbitrary code.
The vulnerability of Honeywell OneWireless Wireless Device Manager WDM and the micro-programmed software of Honeywell Experion PKS programmable logic controllers lies in the fact that operation outputs go beyond the buffer in memory. Exploiting this vulnerability allows a remote attacker to execu...
The vulnerability of the Control Data Access component of the Honeywell OneWireless Wireless Device Manager and the microprogrammed logic controllers of the Honeywell Experion PKS allows a intruder to execute arbitrary code and cause a service failure.
The vulnerability of the Control Data Access component of the Honeywell OneWireless Wireless Device Manager and the microprogrammed logic controllers of the Honeywell Experion PKS is related to a countable degree of significance loss. Exploiting this vulnerability could allow an attacker to execu...
The vulnerability of the Control Data Access component of the Honeywell OneWireless Wireless Device Manager and the microprogrammed logic controllers of the Honeywell Experion PKS allows a intruder to execute arbitrary code and cause a service failure.
The vulnerability of the Control Data Access component of the Honeywell OneWireless Wireless Device Manager and the microprogrammed logic controllers of the Honeywell Experion PKS is related to a countable degree of significance loss. Exploiting this vulnerability could allow an attacker to execu...
The vulnerability of the Control Data Access component of the Honeywell OneWireless Wireless Device Manager (WDM) and the microprogramming software for programmable logic controllers from Honeywell, the Experion PKS, allows a hacker to execute arbitrary code.
The vulnerability of the Control Data Access component of the Honeywell OneWireless Wireless Device Manager and the microprogrammed software for programmable logic controllers like Honeywell Experion PKS is related to the implementation by an inappropriate developer. Exploiting this vulnerability...
CVE-2022-43485
Use of Insufficiently Random Values in Honeywell OneWireless. This vulnerability may allow attacker to manipulate claims in client's JWT token. This issue affects OneWireless version 322.1...
CVE-2022-4240
Missing Authentication for Critical Function vulnerability in Honeywell OneWireless allows Authentication Bypass. This issue affects OneWireless version 322.1...
CVE-2023-5878
Honeywell OneWireless Wireless Device Manager WDM for the following versions R310.x, R320.x, R321.x, R322.1, R322.2, R323.x, R330.1 contains a command injection vulnerability. An attacker who is authenticated could use the firmware update process to potentially exploit the vulnerability, leading ...
CVE-2023-5878
Honeywell OneWireless Wireless Device Manager WDM for the following versions R310.x, R320.x, R321.x, R322.1, R322.2, R323.x, R330.1 contains a command injection vulnerability. An attacker who is authenticated could use the firmware update process to potentially exploit the vulnerability, leading ...
CVE-2023-5878 OneWireless command injection possible when updating firmware
Honeywell OneWireless Wireless Device Manager WDM for the following versions R310.x, R320.x, R321.x, R322.1, R322.2, R323.x, R330.1 contains a command injection vulnerability. An attacker who is authenticated could use the firmware update process to potentially exploit the vulnerability, leading ...
CVE-2023-5878 OneWireless command injection possible when updating firmware
Honeywell OneWireless Wireless Device Manager WDM for the following versions R310.x, R320.x, R321.x, R322.1, R322.2, R323.x, R330.1 contains a command injection vulnerability. An attacker who is authenticated could use the firmware update process to potentially exploit the vulnerability, leading ...
CVE-2022-43485
Use of Insufficiently Random Values in Honeywell OneWireless. This vulnerability may allow attacker to manipulate claims in client's JWT token. This issue affects OneWireless version 322.1...
CVE-2022-4240
Missing Authentication for Critical Function vulnerability in Honeywell OneWireless allows Authentication Bypass. This issue affects OneWireless version 322.1...
Design/Logic Flaw
Use of Insufficiently Random Values in Honeywell OneWireless. This vulnerability may allow attacker to manipulate claims in client's JWT token. This issue affects OneWireless version 322.1...
CVE-2022-43485 Insecure random number used for generating keys for signing Jwt tokens
Use of Insufficiently Random Values in Honeywell OneWireless. This vulnerability may allow attacker to manipulate claims in client's JWT token. This issue affects OneWireless version 322.1...
CVE-2022-43485
CVE-2022-43485 affects Honeywell OneWireless WDM 322.1, due to use of insufficiently random values for signing tokens, potentially allowing attacker to manipulate client JWT claims. Remediation: upgrade to OneWireless 322.2 (as per Honeywell/ICS guidance). Several sources (Red Hat, PRION, CNNVD, ...