EUVD-2025-13247

Malicious code in bioql PyPI...

📄 Honeywell MB-Secure Command Injection

Honeywell MB-Secure versions 11.04 and up to 12.53 and PRO versions from 01.06 to 03.09 suffer from an authenticated command injection vulnerability. SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Authenticated Comman...

The vulnerability of the microprogrammed control panel software for Honeywell MB-Secure and MB-Secure PRO devices arises from the lack of measures taken to neutralize special elements used in the operating system’s command sequence. This allows attackers to execute arbitrary commands with elevated privileges.

The vulnerability of the microprogrammed control panel software for Honeywell MB-Secure and MB-Secure PRO devices is related to the lack of measures taken to neutralize the special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to execute...

CVE-2025-2605

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Honeywell MB-Secure allows Privilege Abuse. This issue affects MB-Secure: from V11.04 before V12.53 and MB-Secure PRO from V01.06 before V03.09.Honeywell also recommends updating to the most...

CVE-2025-2605

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Honeywell MB-Secure allows Privilege Abuse. This issue affects MB-Secure: from V11.04 before V12.53 and MB-Secure PRO from V01.06 before V03.09.Honeywell also recommends updating to the most...

CVE-2025-2605

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Honeywell MB-Secure allows Privilege Abuse. This issue affects MB-Secure: from V11.04 before V12.53 and MB-Secure PRO from V01.06 before V03.09.Honeywell also recommends updating to the most...

CVE-2025-2605 Authenticated command injection

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Honeywell MB-Secure allows Privilege Abuse. This issue affects MB-Secure: from V11.04 before V12.53 and MB-Secure PRO from V01.06 before V03.09.Honeywell also recommends updating to the most...

CVE-2025-2605 Authenticated command injection

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Honeywell MB-Secure allows Privilege Abuse. This issue affects MB-Secure: from V11.04 before V12.53 and MB-Secure PRO from V01.06 before V03.09.Honeywell also recommends updating to the most...

CVE-2025-2605

CVE-2025-2605 is an OS command injection vulnerability in Honeywell MB-Secure and MB-Secure PRO. The issue arises from improper neutralization of special elements used in OS commands, enabling privilege abuse. Affected products and versions: MB-Secure from V11.04 before V12.53; MB-Secure PRO from...

Honeywell MB-Secure 安全漏洞

Honeywell MB-Secure is an industrial-grade network security solution from Honeywell USA designed for the Modbus protocol to provide communication protection and access control for industrial control systems ICS. A security vulnerability exists in Honeywell MB-Secure versions prior to V11.04 throu...

PT-2025-18774 · Honeywell · Honeywell Mb-Secure +1

Name of the Vulnerable Software and Affected Versions: Honeywell MB-Secure versions V11.04 through V12.53 Honeywell MB-Secure PRO versions V01.06 through V03.09 Description: The issue is related to an OS Command Injection vulnerability, allowing privilege abuse due to improper neutralization of...