70 matches found
CVE-2023-5878
CVE-2023-5878 applies to Honeywell OneWireless Wireless Device Manager (WDM). Affected versions: R310.x, R320.x, R321.x, R322.1, R322.2, R323.x, and R330.1. The vulnerability is a command injection that authenticated attackers can trigger via the firmware update process, leading to potential remo...
CVE-2023-5878 OneWireless command injection possible when updating firmware
Honeywell OneWireless Wireless Device Manager WDM for the following versions R310.x, R320.x, R321.x, R322.1, R322.2, R323.x, R330.1 contains a command injection vulnerability. An attacker who is authenticated could use the firmware update process to potentially exploit the vulnerability, leading ...
Honeywell OneWireless Wireless Device Manager security vulnerability
Honeywell OneWireless Wireless Device Manager (Honeywell OneWireless WDM) is a wireless device manager from Honeywell USA. A security vulnerability exists in Honeywell OneWireless Wireless Device Manager. An attacker can exploit the vulnerability to inject commands. The following versions are...
The vulnerability of the Honeywell OneWireless Wireless Device Manager (WDM) lies in the lack of measures taken to clean data at the control level, allowing attackers to execute arbitrary commands.
The vulnerability of the Honeywell OneWireless Wireless Device Manager WDM lies in the lack of measures taken to clean data at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the Honeywell OneWireless Wireless Device Manager’s dispatcher is related to the lack of authentication for a critical function, allowing attackers to escalate their privileges.
The vulnerability of the Honeywell OneWireless Wireless Device Manager’s dispatcher is related to the lack of authentication for a critical function. Exploiting this vulnerability can allow an attacker operating remotely to increase their privileges...
CVE-2022-4240
Missing Authentication for Critical Function vulnerability in Honeywell OneWireless allows Authentication Bypass. This issue affects OneWireless version 322.1...
CVE-2022-46361
An attacker having physical access to the WDM can plug in a USB device to gain access and execute unwanted commands. A malicious user could enter a system command along with a backup configuration, which could result in the execution of unwanted commands. This issue affects OneWireless all versions up to...
CVE-2022-43485
Use of Insufficiently Random Values in Honeywell OneWireless. This vulnerability may allow an attacker to manipulate claims in a client's JWT token. This issue affects OneWireless version 322.1...
Design/Logic Flaw
Use of Insufficiently Random Values in Honeywell OneWireless. This vulnerability may allow an attacker to manipulate claims in a client's JWT token. This issue affects OneWireless version 322.1...
Design/Logic Flaw
An attacker having physical access to the WDM can plug in a USB device to gain access and execute unwanted commands. A malicious user could enter a system command along with a backup configuration, which could result in the execution of unwanted commands. This issue affects OneWireless all versions up to...
Authentication flaw
Missing Authentication for Critical Function vulnerability in Honeywell OneWireless allows Authentication Bypass. This issue affects OneWireless version 322.1...
CVE-2022-46361 Physical access to the WDM enables use of USB device to gain access to the WDM
An attacker having physical access to the WDM can plug in a USB device to gain access and execute unwanted commands. A malicious user could enter a system command along with a backup configuration, which could result in the execution of unwanted commands. This issue affects OneWireless all versions up to...
CVE-2022-46361
Honeywell OneWireless WDM contains CVE-2022-46361: a physical-access vulnerability where a USB device can be used to enter a system command and back up configuration commands, potentially leading to the execution of unwanted commands. Affected: all OneWireless WDM versions up to 322.1; fixed in 3...
CVE-2022-43485 Insecure random number used for generating keys for signing JWT tokens
Use of Insufficiently Random Values in Honeywell OneWireless. This vulnerability may allow an attacker to manipulate claims in a client's JWT token. This issue affects OneWireless version 322.1...
CVE-2022-43485
CVE-2022-43485 affects Honeywell OneWireless WDM 322.1, due to the use of insufficiently random values for signing tokens, potentially allowing an attacker to manipulate client JWT claims. Remediation: upgrade to OneWireless 322.2 (as per Honeywell/ICS guidance). Several sources (Red Hat, PRION, CNNVD, ...