The vulnerability of the microprogrammed control panel software for Honeywell MB-Secure and MB-Secure PRO devices arises from the lack of measures taken to neutralize special elements used in the operating system’s command sequence. This allows attackers to execute arbitrary commands with elevated privileges.

The vulnerability of the microprogrammed control panel software for Honeywell MB-Secure and MB-Secure PRO devices is related to the lack of measures taken to neutralize the special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to execute...

CVE-2025-2605

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Honeywell MB-Secure allows Privilege Abuse. This issue affects MB-Secure: from V11.04 before V12.53 and MB-Secure PRO from V01.06 before V03.09.Honeywell also recommends updating to the most...