Product Security

Product Security Incident Response Team (PSIRT)

The goal of our Product Security Incident Response Team (PSIRT) is to minimize customers’ risk associated with security vulnerabilities by providing timely information, guidance and remediation of vulnerabilities in our products, including software and applications, hardware and devices, services and solutions. This team manages the receipt, investigation, internal coordination, remediation and disclosure of security vulnerability information related to Honeywell offerings.

We take security concerns seriously and work to quickly evaluate and address them. Once a security concern is reported, we commit the appropriate resources to analyze, validate, and address the issue.

Product Security Incident Response Workflow

Discovery Phase

Reporting a Potential Security Vulnerability

We welcome reports from independent researchers, industry organizations, vendors, and customers. To find out more information on how to report a potential vulnerability, please visit  Vulnerability Reporting.

Bug Bounty Program

At the moment, Honeywell does not participate in a bug bounty program or provide any monetary incentives for discovering vulnerabilities. Honeywell does recognize reporters and security researchers on our public acknowledgement page.

Triage Phase

In this phase, an incident owner is assigned to the case.

Analysis Phase

The analysis phase entails assessing and validating the security concern by conducting thorough analysis.

Common Vulnerability Scoring System (CVSS)

We use the Common Vulnerability Scoring System version 3.1 (CVSS v3.1) to evaluate the severity level of identified vulnerabilities. This enables a common scoring method and a common language to communicate the characteristics and impacts of vulnerabilities and allows responders to prioritize responses and resources according to the threat.

Severity rating scale as shown in the table below:

When and where applicable, Honeywell will provide the CVSS v3.1 Base Score.

We recommend consulting a security or IT professional to evaluate the risk of your specific configuration and we encourage users to compute the environmental score based on their network parameters. We also recommend leveraging a security or IT professional’s assessment of the issue to prioritize responses in your own environment.

Different base scores

There may be instances where NVD’s score and Honeywell's score may differ. If so, this is because as owners of the product we are able to account for configurations, build, and other nuisances of the product. In the event the score differs, please use the Honeywell base score.

Disposition and Communication Phase

Remediation timelines will depend on many factors, including: the severity, the product affected, the current development cycle, QA cycles, and whether the issue can only be updated in a major release.

Remediation may take one or more of the following forms:

A new release
A Honeywell-provided patch
Instructions to download and install an update or patch from a third-party
A workaround to mitigate the vulnerability

Notwithstanding the foregoing, we do not guarantee a specific resolution for issues and not all issues identified may be fixed.

Communication and Notification

At this point in time a communication plan is determined. Below are various forms of communication.

Disclosure Phase

Notifying Customers of Vulnerability

We take responsibility to ensure that our customers are notified, when necessary, in an efficient manner. Most communication will be posted after patches or workaround has been released on our Security Notice site.

We will not provide additional information about the specifics of vulnerability or how to reproduce. We do not distribute exploit or proof of concept code for identified vulnerabilities.

In accordance with industry practices, we do not share our findings from internal security testing or other types of security activities with external entities. It is important to note that any unauthorized scan of our services and production systems will be considered an attack.

Coordinated Vulnerability Disclosure

Coordinated Vulnerability Disclosure (CVD) is indeed a crucial process in managing and mitigating vulnerabilities in hardware, software, and services. Honeywell's approach to CVD involves engaging with various stakeholders such as partners, vendors, researchers, and community coordinators to ensure that newly discovered vulnerabilities are disclosed in a controlled and coordinated manner. Multi-party coordination is essential because it helps in understanding the different parties' vulnerability disclosure policies, handling policies, and contractual agreements, which in turn fosters trusted communication and collaboration.

By increasing transparency between parties, vendors can better understand and manage the risks posed by vulnerabilities. This transparency also facilitates engagements with other parties, ensuring that everyone involved is on the same page. The primary aim of CVD is to provide timely and consistent guidance to all parties and customers, helping them protect themselves effectively.

Honeywell follows a similar approach to CVD. They encourage independent reporters who discover vulnerabilities to contact them directly, allowing Honeywell to investigate and remediate the vulnerabilities before they are publicly disclosed. The Product Security Incident Response Team (PSIRT) coordinates with the reporter throughout the investigation and provides updates on progress. Once an update or mitigation information is publicly released, the reporter is welcome to discuss the vulnerability publicly.

This process not only helps in protecting customers but also ensures that public disclosures are coordinated appropriately, and reporters are acknowledged for their findings. If a reported vulnerability involves a vendor product, the PSIRT will notify the vendor directly, coordinate with the reporter, or engage a third-party coordination center.

For more information on CVD, please review the information provided in the following links:

Report a Vulnerability Issue

We encourage coordinated disclosure of security vulnerabilities. Security researchers, industry groups, government organizations and vendors can report potential security vulnerabilities to Honeywell by choosing one of the two vulnerability types in the form below or by emailing us with below details mentioned.

If the vulnerability affects a product, service or solution, email us at PSIRT@honeywell.com, with the following instructions/details:

Please encrypt using Honeywell’s public PGP key (see PGP Key page) and include the following:
- Product and version
- Description of the potential vulnerability
- Any special configuration required to reproduce the issue
- Step by step instructions to reproduce the issue
- Proof of concept or exploit code, if available
- Potential Impact

For all other security issues, email us at Security@honeywell.com with the following instructions.

Please encrypt using Honeywell’s public PGP key (see PGP Key page) and include the following:
- Website URL or location
- Type of vulnerability (XSS, Injection, etc.)
- Instructions to reproduce the vulnerability
- Proof of concept or exploit code, including how an attacker could exploit the vulnerability
- Potential impact

Download PGP Key here

PGP Key

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBGd9hOwBEADMjbVEqCfesFbIgEJg48jdZ4gtNXu7RQWRkPY8L2OStdEV+/Ju 8lqdeq9SmtnX5HX34MweRxyI198KSvdzGZoCyCV/GHs2XE+WLbmSW/b1fytvzMw/ NxuflLiTKY0Yyz6Y67Fx4AIczrGeRNKALEsB3snei3X/WHFdTJ8Dq9fqBeDTxjb7 8jk9WkWb/Oi7FsAOv3KMdS/Zs+SlfuYmR8OOQ1v05ODRjKyS2ng25sMphAej2KlY 2N0HWqblvqIHsHQbAammxH5gaMvSbKuPQ7MgjpUrP4TO7u0DdP/OY97OJM8u9tcg VyaiAF1CuIYmr8CpvmbmaVMOK6RgGqOrYdy14RjrjrgLJTmTwjzfLAfd+oR4QlSL tlVgiM8wK6ehVQ5AO1OQnwBw6YujOON9fCSt1HGaPKofi1iB35G5VNUJRV4H1+2o L66rjIBHLK5if4587hqWg66l36lnyJxnqYY0JhN5ioAJcee9k2Tzqyvk2XGEBVvX ZgtEwce2l4aSYB5yNMNRkO6qVVg1BbMK6uS9bl+dcw9CvWQsjF0u0NP6kyQow2ci yU6rmKtuEuUhUHBpNq4qmIbIU0WJiLLzqUP9ipMvf885WNfdFdVZkAvzOCzFsgW3 d+ll90UEcEl97Zi8qC7uepTfV/BPjKAeHDhRMumexd9imz9nEqlNfU3LNwARAQAB tCtIb25leXdlbGwgU2VjdXJpdHkgPFNlY3VyaXR5QEhvbmV5d2VsbC5jb20+iQJX BBMBCABBFiEEm3//z1146f4I+tK0dj5q1cmHq0AFAmd9hXkCGwMFCQeGHukFCwkI BwICIgIGFQoJCAsCBBYCAwECHgcCF4AACgkQdj5q1cmHq0CKlw//S5g6N8ZuwNpW VPIb0DpS4/HSLguRodKfrAahgtE6d6giwNKAsXvtHnTn3DpWz1ISyzYC8EeWsNqW 6tO9rvlcN2Frg5MD5OIWpnOE54eDTt/pxH9iE0M8dKzs49CgFiiBGZjUrW+GcYHm O6nRL6oU2gBwqzVpWpPx7i0Vr4f7R01ABVolBYteCSW0dofWKF3dl2Oh1Hek6dkV Dd3gjyP/UEflum1OvGdiARy8d5u9MJDA9Gxh7Mpcf2Ch/WAfaIIIGGQInveiJCqx +w1C/G4E8P1v4ejO44+CZHxFmEc40fpUXr1azFTXiORjXsDEfSrxty9/MEbQ38p2 v/m72DLL+0kyMgovx87vAUaikDRo7EhuA1rK4XgH9oohf08aYUobC3BbSLYnulId OGHx0fstY3dDSM0Hg7l19XwTBmx/rK5QN7/ksmWn8mjCi1jonrHGtdEMPyDOEkLO KtYsyvECibbXNKegUP2T4eQC0iiNWYg5TprCcs+Ym7lFeV1i7wDJX/aYEVQ/nkNo pk7asIJ0Ho6xuuGsSd25quGu3uDVt69O4NCCrTNxJkmE+iytp1EqcwQzx/qnz9GF EtO+AZ089Tuq7SLtvIjq2dfgRWN+cV8Zu4a5cE9+zZXInmeFffwmE31i/Cwmo2b8 l+QcN6AWPSSK+Tno4ISP0xDMIzl/Cki0JUhvbmV5d2VsbCBQU0lSVCA8UFNJUlRA aG9uZXl3ZWxsLmNvbT6JAlcEEwEIAEEWIQSbf//PXXjp/gj60rR2PmrVyYerQAUC Z32E7AIbAwUJB4Ye6QULCQgHAgIiAgYVCgkICwIEFgIDAQIeBwIXgAAKCRB2PmrV yYerQOKoD/49tsvcfxGrY5LNISTkFHXFhngzI4yLmgM6/y9vInJ8B9mTYk9SAEfb sC8IbJ9yDQWXboXqYkmlBBX7mcJVCTaabojedLwrCrjrkCSeCseOX/UzB92rejS1 V3nA6gY99otY+nvKhUgDo8masiqvcx8n3XMIcHZrjOEIyik1T/vv68QkfVksFFbj u0QAsoDSeZerBc+k3ui29hBg5EEhjSYhGKdRejhTgi9xEi1E+9NrF6EPirCf+IZJ uDkRxfSTangae8cuEIcrWI6ckf45YtzFwkG43Y8fMkLibmb0F+DLYF5HCandMRKC W5MLshjvFf7iE3FlkAbsUtTDmiEKT3BBw1Apkz9+yIwROxPJIbatYKepzAKsgagQ GfWhBXQYojdlbXZJy8WyIYVkXwEp/MjH2pDhHFWmLGWz8JeFHxRSEqoOdw/JVa0I mOM3U1lVqtzp0U0b7P53b74EYNPMCaIhIXmKSBPKnqgv36UrW+RZuwu7x/eZU4V4 lMm9iS7zCqyS/PXzuIDqpPpeVBBNyQa7zeB4L9PrsBZE0dTOlODoGZ1Od5zZwP0G bu5lW5AE/Zq0BeO/78pfL/4KuAypNClz6pIQU5lKI9LkrtQbns6TQML0tGKBdSaM SZeC/ONM8AXAxDNQWgOTvvxuB80Un6PP5qHUat685AsLsNkOceL9VbQjSG9uZXl3 ZWxsIENJUlQgPENJUlRASG9uZXl3ZWxsLmNvbT6JAloEEwEIAEQCGwMFCQeGHukF CwkIBwICIgIGFQoJCAsCBBYCAwECHgcCF4AWIQSbf//PXXjp/gj60rR2PmrVyYer QAUCZ32FtAIZAQAKCRB2PmrVyYerQNt2D/93Y/6ERjpFdDsE55XfSTokliDsLRAj TYxnQVSJvar4LTSlbWxUUsGkGNGoI3soCbXHztRBbidiy1RYfqe5T39GR4cY5wjY azAsqKbdqUZNRWOgrNyEcBxPCHoj3PGw653pdXP807y/WlDrZ2LW74Wu5ubeRvz6 qkSuTN8tBHJct59OMZIrvVzEhGGNBCHMhexzDPeE8hIsy6q7Xm4ENYaYiYEaxgGG i3dkNUAM2460ep3G4qev+99qqMTO+lSaOCXM2smfG3Vx67x9bxW68xGShejYbaWP ig+ArMEcuKDt15OXW2agVy0EFw+u4zmKqNWhMLXTXXXCqAtiEeccHKeBQR6oOyuN xH+rqhLmjtwW+QJCogfUdlSyH0f15ccrVXWx6FsTa1BYWVXOGMA62MiDeI5TY7Iz Lm+f24eTAFFV0qXiFepERLTKKBrKzqbkB3+8RBsUv6EncA5wZBc7c3VyexNm3ahF a4k7RnRrV/hgtNbACzYEHcAXEJ5LHFPmpa4czjMO2kqLlN9H1kL90dHGlm0UFAuR GzZcItp2xTEYXdGLf7YRNi6sT/8CEMKSLAgOleZ8+mDD57XKL6L1AaTuLP+UkYcC 24EH/hcYvIh0wzjUaeQmuJIu866TlvYjUgZW1kmptqCJAQWeAgcSCUxpFwZF2Zxv 7G17/59tV3XIkbQlSG9uZXl3ZWxsIEFidXNlIDxBYnVzZUBIb25leXdlbGwuY29t PokCVwQTAQgAQRYhBJt//89deOn+CPrStHY+atXJh6tABQJnfYVrAhsDBQkHhh7p BQsJCAcCAiICBhUKCQgLAgQWAgMBAh4HAheAAAoJEHY+atXJh6tAiBEP+weuHOiO nc6sp0ifddx3unwSgGf4mJ7AHbC7R5IK4LOZ3mgwhiqZBtdwichJYbRfBTFgmqrv 2vUFVuY8xjfPS07xX1uMM3R2cY/37/4MguUrma40FohjkuUI4jsMYYpLJOm1HRRl rg/GJjzmQtwxDZkgwlOPG64TEGqqbYX1jR4PRpDRRGAc45j+RW5RkvFNGcUxGGil 9NMUPJ5inTPd5zBfuucZHrqmNfbucoYClBAm7IAyvagzn3yMOza25hzeXk0YH43q znsnekwdAnbjp0haxVEunzaivrzFHa03RS+YUJrLSY65NKWUiRMjo4w6klcVq7Vs xsbM3rEkLeWb213gGGcVQ7swAsUYVu4YFPuXrlZQspU7vKnKRaCRwArYGN30dQcV sXcE/s/bDUcELezdUUHHmfW/LDRivcxP/Hi3bDiB2dN3J53a+HgMUAuGShebtKCs j8KurgoL9DQ14k32tr39uEgavayZXTsk3q9KkMkP9DwpMPj9T0Lq+Vx7W4sNzP5i TMOLPMXW4KwxhdstT8ktwQcV9bU1QLoVnN4g4JC5fefhAtDxdBcf+hLhJmjmCas8 CbcgaVQevw18H4duaBiwpfhrHmzXhPt/62M3jDJ6Yb2ruhLsZfkKHvYNJQYJYOQZ /D4Juh3foGh8j+jLnBcEvMRdvTHTh2rH5d4EuQINBGd9hOwBEAC6Aj843QiAMatT dit4DqWaCL54FIUSc12OmiHq1AvFu4bM8BmbQk+BSTvOlhuY0gvT1X8nZStR3kPO XeVUVF6kwqd6QdXQDgvO0KhRMEVCrH97ex+Kosj0hJyoFQ8c0+gmmLc/uze4T3be KQpcrg5rdSv92dj4lxhHDi8aCD2SmUqYcFHfsFIQQt5tg8mMSNs6DpJEZwjNZ18I CDt3u86TcZF6Eu+RUvGqUY1UPjAHAmA5lMHVv33nWcP6NertqcW3la+ybvRSsixY yPRjKjE9Q8aSyBXZehic3oI6JudQQD9cNmgTn0m1zSZaRJkNaaSnJngyqfUWUO9s jeb/DTq9qKfyFe1omHtMD4fOEKnZmMZHAXChIEIwokpIYrC91LYri4g82X+I9idc oG99z6o6xz64BHcwPMjRZ5n6SAXnl73yyc78EdQ6nmoAjMURoGugYh/oCLNJ4OqC GYjubUq9TZyRZJ62G4J/70/ZwqT4USAH40BGC3yM9mHAiP9naHWwQtDzTblQ4wnT l9CyPpwwk2NP2M9jhsBJ+AQebs7Ir+gGi0g0qOzs/pLAZ8wJmeYBQaRrIipsoEmK vJVKa4e4908Djyz4Zni9jBtaNU5brma9Sw9juWLrYLANlqaxbDKpSXPwsXRzxwg3 qJV1+A+sUBWvapE+Ip1lil3lm+anJwARAQABiQI8BBgBCAAmFiEEm3//z1146f4I +tK0dj5q1cmHq0AFAmd9hOwCGwwFCQeGHukACgkQdj5q1cmHq0AxgRAAunAHTNhi uHSAXOl+lX5s1X6hk5THGiC4KH2sTtRAlx8IADZPD8qcpmbf1mM6LHIfHA0zbor8 BZ2TdNhmkticy94IZPifogRz97rih3+2Qh/xEHpX5K8RMuYIco+kyiEYXS0AbZ7m 6AwUEMcKf1hKCqnh+jw0HxnTyQ3u0ExvutWsZujh3jGQBKimEZyjamxeoPt7jQsW l5T1aJxsMEDMmEYQgBVSlKMbek3Gv9h1iG9KvYY2T83t41e5S5+IO+Zbg9eBx7Pt PEOSFz4L6YbFOK2sqAeTX9qita2Uu86abgexxysqyp7aD9gFZ+7PsN8yUnRn9pVX w4k3j5xxRbTmd5zTMMHjuWjpMHR6amcbpqd1crw7EgdyldU6HifHH9OOfekkz4b9 RaDg4oNcS1l+cwtJMoMoUfrVg6yz8+kq4Fe/pVZMKMkB4KALQuYtDhRibsO8IxVO upGlswZtV1BeccUEeBTfYFeNbrm6zfpvhE+6NG8rg9i5awrr6lc4+8AmAGB6IuhK jGQCSzC3mwfRxLzaTnqhsSPO1HahYyAsOsK4gbtAUyNa7U9bRcvb5aUmRA5gTQKJ BGFx7fcVRqsIden/G3eEfZTxUT1rbYbBitaNyDMPcec3bCRg3d3aVxnQvCqons8/ 7r09DvoCJxqTZSDCvM0IapvGqBhJyH4HVlc= =4ddc

-----END PGP PUBLIC KEY BLOCK-----

Acknowledgments

We would like to acknowledge all individuals who have reported a vulnerability in our environment. We are grateful for these security researchers who help keep us secure.

2025:

REPORTERS NAME	ASSOCIATION LINK
Chongqing Lei
Christopher Morales
Ionut Gavrilut	https://www.linkedin.com/in/igavri/
Junzhou Luo	https://cs.seu.edu.cn/jluo/main.htm
Qiguang Zhang
Xinwen Fu	https://www.cs.uml.edu/~xinwenfu/index.html
Yue Zhang	https://yue.zyueinfosec.com/
Zhen Ling	https://www.linkedin.com/in/zhenling/

2024:

REPORTERS NAME	ASSOCIATION LINK
Ahmad Alassaf	https://www.linkedin.com/in/ahmad-alassaf-63811218a/
AKHIL C.D.	https://www.linkedin.com/in/akhil-c-d-661abb292/
Lorenzo Turazzi Luchtemberg Bovi de Sá	https://www.linkedin.com/in/lorenzo-de-sa
Mark Rosenbaum	https://linktr.ee/markrosenbaum
Rohitash Choudhary	https://www.linkedin.com/in/rohitash-choudhary/
Trinetra Rao	https://x.com/TrinetraRao?t=S_J1SsY9aY9MnuZVwMPBEQ&s=08
Uri Katz of Claroty Research - Team82	https://claroty.com/team82
Vinayak Sakhare	https://www.linkedin.com/in/vinayak-sakhare-63b343119
Yogeswaran M	https://www.linkedin.com/in/yogeswaran-m

2023:

REPORTERS NAME	ASSOCIATION LINK
Abian Blome	https://www.siemens-energy.com/
Alexander Heck	https://www.linkedin.com/in/alexander-heck-b11b29b
Dawid Lenart	https://pl.linkedin.com/in/dawid-lenart-a28a48143
Eaton Zveare/Traceable ASPEN	https://www.linkedin.com/in/eatonz
Felipe Gabriel Renzi	linkedin.com/in/felipe-gabriel-renzi
Lockheed Martin Red Team
Michael Messner	https://www.siemens-energy.com/
Mohammed Alotibi	https://www.linkedin.com/in/mohammed-a-73790a17a
Nikhil Rane	https://www.linkedin.com/in/nikhil-rane-31733a217/
Pavel Sushko	https://www.linkedin.com/in/pavel-sushko/
Rahul Ramakant Singh	https://www.linkedin.com/in/rahul-singh-5604b1135
Qusai Alhaddad	https://www.linkedin.com/in/qusaialhaddad
Sagar Yadav	https://twitter.com/sagaryadav8742
Shivani Gundluru	https://www.linkedin.com/in/shivani-gundluru-a45b43212
Tushar Jaiswal	https://linkedin.com/in/the-tushar-jaiswal

2022:

REPORTERS NAME	ASSOCIATION LINK
Digant Prajapati	https://www.linkedin.com/in/digant-prajapati/
Foysal Ahmed Fahim	https://www.linkedin.com/in/foysal1197, https://twitter.com/foysal1197
George Gkanidis	https://twitter.com/Jocker_RL
Girish B O	https://www.linkedin.com/in/girish-b-o-a410bb1bb, https://twitter.com/Girishbo05
Mahmoued Elhussiny	https://www.linkedin.com/in/mahmoued-elhussiny-aa9b5881/
Nikhil Rane	https://www.linkedin.com/in/nikhil-rane-31733a217
Pavel Marko
Rakan Abdulrahman Al-Khaled *	https://www.linkedin.com/in/rakan-al-khaled
Roshan Zameer	https://www.linkedin.com/mwlite/in/roshan-zameer-97a8531b9
Suprit S Pandurangi	https://www.linkedin.com/in/suprit-pandurangi-a90526106

2021:

REPORTERS NAME	ASSOCIATION LINK
Aniket Anil Deshmane*	https://twitter.com/AniketDeshmane9?s=08
Armanul Miraz	@mirazdevox
Ben Leonard-Lagarde
Carl Dworzack
Danish Tariq	https://www.linkedin.com/in/danishtariqq/
Harinder Singh	https://www.linkedin.com/in/lambardar
Husain Murabbi (cyber_humans)	https://www.linkedin.com/in/husain-murabbi-cyberhumans/
Joel Sanchez	https://www.linkedin.com/in/joel-sanchez-199b79123/
Joost Bakker	BovenIJ ziekenhuis
Martino Tommasini
Mansoor Rangwala (cyber_humans)	https://www.linkedin.com/in/mansoor-rangwala-cyberhumans/
Netan Mangal*	https://www.linkedin.com/in/netanmangal
Pratik Sunil Tryambake
Rajnish Kumar Gupta	https://www.linkedin.com/in/geekyrajnish
Rick de Jager	https://github.com/RickdeJager
Swapnil Maurya	@swapmaurya20
Thilo Mohri	https://www.linkedin.com/in/tmohri/
Todd Heflin	www.linkedin.com/in/taterbrown
Tracy Williams	https://www.linkedin.com/in/battletroll/
Vinayak Chaturvedi	https://www.linkedin.com/in/vinayak-chaturvedi-348b071a1

2020:

REPORTERS NAME	ASSOCIATION LINK
Aagam Shah	https://twitter.com/neutrinoguy
Abhishek Tiwari	https://www.linkedin.com/in/rootabhi
Ahmed Salah Abdalhfaz	https://twitter.com/elsfa7110
Badal Sardhara	https://www.linkedin.com/in/badal-sardhara-9b43a41a5
Boik Su	https://twitter.com/boik_su
Chandana S Kallesh	https://www.linkedin.com/in/chandana-kallesh-a14b2a184/
Elias Mourany	https://www.linkedin.com/in/eliasmourany/
Javad Dadgar	https://twitter.com/javadmacros
Mohammad Reza Zamiri	https://twitter.com/d3c0der
Mostafa Anas	https://www.linkedin.com/in/mostafaanashelal
MrMustacheMan	themmm.dev
Naveen Kumawat	https://twitter.com/nvk0x
Niraj Mahajan	https://www.linkedin.com/in/niraj1mahajan/
Omur UGUR	https://www.linkedin.com/in/omurugur-siberg%C3%BCvenlik/
Paul Seekamp	https://www.linkedin.com/in/paulseekamp/
Pramod Sargar	https://linkedin.com/in/impramodsargar
Pranav Bhandari	https://www.linkedin.com/in/pranav-bhandari-8bb644158/
Reza Dorosti	https://twitter.com/DorostiRe
Satyendra Shrivastava	https://www.linkedin.com/in/satyendra-shrivastava/
Uri Katz of Claroty
Vikas Srivastava, India	https://www.linkedin.com/in/007vikaxh
Vishwa Ratna	https://stackoverflow.com/users/4964136/vishwa-ratna?tab=profile
Yash Agarwal	https://www.linkedin.com/in/yashagarwal2605/
Zach Edwards	https://twitter.com/thezedwards
12103-Psychonaut

2019:

REPORTERS NAME	ASSOCIATION LINK
Alberto Perez Agudo
Athul Jayaram	https://www.linkedin.com/in/athuljayaram
Dominique van Dorsselaer
GwanYeong Kim	@sec_karas
Jan Kopriva	https://www.linkedin.com/in/jan-kopriva/
Mohammed Adam	https://www.linkedin.com/in/mohammedadam24/
Rahul Gamit	https://www.linkedin.com/in/rahul-gamit-54a93a188/
Ramkumar Ganesan	https://www.linkedin.com/in/ram-kumar94
Ronak Nahar	https://www.linkedin.com/in/naharronak/
Sreekanth Reddy	https://twitter.com/sree_appsec
Sumit Grover	@sumgr0

2018:

REPORTERS NAME	ASSOCIATION LINK
Abhishek Misal	http://www.linkedin.com/in/abhishek-misal
B. Dhiyaneshwaran
Bill Ben Haim	https://www.linkedin.com/in/bill-ben-haim-b6775a48/
Kapil Kulkarni*	https://www.linkedin.com/in/kapil-kulkarni-oscp-ceh-chfi-5a333763/
Mohamed Hamed	https://www.linkedin.com/in/mohamed-hamed-239378163/
Nitish Shah	https://twitter.com/iamNitishShah
Pethuraj M	https://www.pethuraj.in/
Udhaya Prakash C*	@Udhaya_ISRO
Utkarsh Agrawal	https://twitter.com/agrawalsmart7
Vijiln	@vijiln

2017 and earlier:

REPORTERS NAME	ASSOCIATION LINK
Abdul Haq Khokhar	@abdulhaqkhokhar
Abdul Rehman Qureshi
Abhineeti Singh	https://my.linkedin.com/in/abhineeti-singh-739628a4
Alexander Sidukov (Positive Technologies)	@cyberopus
Alisha Sheikh	https://in.linkedin.com/in/alisha-sheikh-96059615a
Amit Kumar	https://www.linkedin.com/in/amit-kumar-9853731a4
Angkan Chanda
Ari Apridana	https://www.linkedin.com/in/ariapridana/
Ashish Kunwar	@D0rkerDevil
Ayush Pandey	https://www.linkedin.com/in/ayush-pandey-148797175
Gayatri Rachakonda	https://www.linkedin.com/in/gayatri-r-8368a3110
Gjoko Krstic	https://www.linkedin.com/in/gjokokrstic
Harish P	https://www.linkedin.com/in/harish-p-62b38a158
Harshal S. Sharma	https://www.linkedin.com/in/harshalss-war10ck/
Jayesh Patel	https://www.breachlock.com
Joachim Kerschbaumer	https://twitter.com/joachimk
Jose Carlos Exposito Bueno
Khaled Sakr	https://www.linkedin.com/in/khaled-sakr-61821698
Lutfu Mert Ceylan	https://linkedin.com/in/lutfumertceylan/
Mahad Ahmed	https://octadev.com.pk
Maxim Rupp	http://rupp.it/
Mikael Vingaard	Vingaard.dk
Mindset Technologies	https://mindsetechnologies.com/certificates
Mohammed Faiz Quadri	https://my.linkedin.com/in/mfaquadri
Nadav Erez (Claroty)	https://www.linkedin.com/in/nadav-erez/
Nick Jensen	https://www.linkedin.com/in/nickmarcjensen/
Pratik Khalane	https://www.linkedin.com/in/pratik-khalane/
Rei Henigman (Claroty)
Saurabh Shinde	https://www.linkedin.com/in/saurabhshinde96/
Serge Lacroute	https://www.linkedin.com/in/serge-lacroute-677a3b134/
Srikar V	https://linkedin.com/in/exp1o1t9r
Steven Hampton	@keritzy
Tansel ÇETİN	@tansbey
Umesh Jore*	https://www.linkedin.com/in/umesh-jore-55015194
Varun Thorat	https://www.linkedin.com/in/3xtrinsic/
Vasim Shaikh	https://www.linkedin.com/in/vasim-shaikh-094507110
Venkatesh Sivakumar	@PranavVenkats
Victor Curalea	https://twitter.com/VictorCuralea
Victor Hylejam	https://twitter.com/ov3rflow1
Wai Yan Aung	@waiyanaun9
Yunus Aydin	https://www.linkedin.com/in/aydinnyunus/

* Indicates multiple submissions

Security Notices

Below is a list of published Honeywell Security Notices. Honeywell recommends following the guidance provided in these Notices regarding mitigations to described security issues.

If you are a customer looking for Security Notifications regarding Honeywell Process Solutions (HPS) products, please click here.

Security Impact Rating	CVSS Score
Critical	9.0 – 10.0
High	7.0 – 8.9
Medium	4.0 – 6.9
Low	1.0 – 3.9

Forms of Communication	Description
Security Notice	May be released to notify customers when a vulnerability is fixed.
Product Release Note/Update	Release notes may be used to communicate a launch of a new software/hardware product or a product update and may include latest changes, feature enhancements, or bug fixes/patches.
CVE Records	Records are released to inform stakeholders about specifics regarding the vulnerability discovered. The records may include information such as Common Vulnerability Enumeration (CVE) ID number, description of the security vulnerability, and references associated with the vulnerability such as vulnerability reports and advisories.
Media Statements	May be used to address any Honeywell related news or incidents.
End of Service Life Notice	An EOSL notice may be released to inform a Honeywell customer that the product will no longer be supported or sold.

Title/ SN ID #	Affected Product/Product Family	CVE/ICSA	Severity	Published	Last Updated
Asure ID Software Removal 2024-07-01 01	Niagara EntSec from 4.10u8 and 4.13u3	NA	NA	2024-07-01	2024-07-01
Niagara libwebp Vulnerability 2024-01-09 01	Mulitple Niagara Framework, Niagara EntSec versions	CVE-2023-4863	Medium	2024-01-09	2024-07-01
Spring4Shell NO IMPACT 2022-04-09 01	Niagara Framework and Niagara EntSec	CVE-2022-22963	NA	2022-04-09	2023-05-31
Niagara MQTT Driver Vulnerability 2022-03-14 01	Mulitple Niagara Framework, Niagara EntSec versions	NA	Medium	2022-03-14	2023-05-31
Niagara Hx Profile Vulnerability 2022-02-11 01	Mulitple Niagara Framework, Niagara EntSec versions	NA	Medium	2022-02-11	2023-05-31
Niagara log4j NO IMPACT 2021-12-13 01	Niagara Framework and Niagara EntSec	CVE-2021-44228	NA	2021-12-13	2021-12-13
Niagara QNX BadAlloc, Privilege Escalation, and JxBrowser Vulnerabilities 2021-09-09 01	Mulitple Niagara Framework, Niagara EntSec versions, and QNX based products	CVE-2021-22156	Medium	2021-09-09	2021-12-13
Niagara JNLP/Web Start Vulnerability 2021-03-31 01	Mulitple Niagara Framework, Niagara EntSec versions	NA	Medium	2021-03-31	2021-12-13
Niagara TLS Timeout Vulnerability 2020-07-28 01	Niagara 4.6, 4.7, 4.8; Niagara EntSec 2.4, 4.8	CVE-2020-14483	Medium	2020-07-28	2020-12-21
Niagara Ripple20 NO IMPACT 2020-06-30 01	Niagara JACE-8000, Edge10	ICSA-20-168-01	NA	2020-06-30	2020-12-21
Niagara JRE and Bouncycastle fixes 2020-02-26 01	Niagara AX 3.8, Niagara EntSec 2.3	NA	NA	2020-02-26	2020-12-21
Niagara QNX Vulnerabilities (Niagara Software) 2019-08-27 01	Niagara AX 3.8u4, Niagara 4.4u3, Niagara 4.7u1	NA	High	2019-08-27	2020-07-06
Niagara QNX Vulnerabilities (Niagara EntSec Software) 2019-08-23 01	Niagara EntSec Products	NA	NA	2019-08-23	2020-07-06
Niagara Chromium Vulnerability 2019-05-09 01	Niagara 4.4u2, 4.6, 4.7	CVE-2019-5786	High	2019-05-09	2020-07-06
Niagara Framework Guidelines	Niagara Framework Products	NA	NA	2019-05-10	2020-07-06
Niagara Cross-Site Scripting Vulnerability 2018-11-12 01	Niagara AX 3.8u4, Niagara 4.4u2, Niagara 4.6, Niagara EntSec 2.3u1	NA	Medium	2018-11-12	2019-02-05
Update Release for Niagara AX and Niagara 4 2018-06-01 01	Niagara AX 3.8, Niagara 4.4	NA	NA	2018-06-01	2019-02-05
Tridium Wi-Fi WPA/2 Protocol Vulnerabilities 2017-10-16 01	JACE 8000, Jace 700	10 CVEs	High	2017-10-16	2018-08-06
Goldeneye/Petya, WannaCrypt/WannaCry Resource	All Niagara Products	Multiple	High	2017-05-01	2018-08-06
Niagara Hardening Guide Against WannaCry Vulnerabilities	Niagara Framework and Niagara EntSec	Multiple	High	2017-05-01	2018-08-06
Niagara POODLE SSLv3 Vulnerability 2014-10-21 01	All Niagara Products	CVE-2014-3566	Critical	2014-10-21	2018-08-06
Tridium Shellshock Vulnerability NO IMPACT 2014-09-30 01	All Tridium Products	NA	NA	2014-09-30	2018-08-06
Tridium Heartbleed Vulnerability NO IMPACT 2014-04-10 01	All Tridium Products	NA	NA	2014-04-10	2018-08-06
MPA2 Web Application XSS 2024-03-08 01	MPA2 vR1.00.08.05	CVE-2023-1841	High	2024-03-08	2024-03-08
HW OmniClass/iClass Encoder Secure Channel Downgrade 2024-01-31 01	HW OmniClass 2.0 Contactless Smart, Multi-Technology, and BLE Readers, HID iCLASS® SE™ CP1000 Encoder, HID® iCLASS® SE™ and OMNIKEY® Secure Elements, Third-party products that use HID’s OEM module for reading HID cards	CVE-2024-23806 CVE-2024-22338	High	2024-01-31	2024-01-31
Voice Console XSS 2023-12-20 02	Voice Console v5.6.2, v5.6.3	CVE-2023-6590	Medium	2023-12-20	2023-12-20
HVoice Console Blind SQL Injection 2023-12-20 01	Voice Console v5.6.2, v5.6.3	NA	High	2023-12-20	2023-12-20
PM23/43 Command Injection 2023-08-01 01	PM23/43 Printers	CVE-2023-3710	Critical	2023-09-12	2023-09-12
PM23/43 Session ID Vulnerability 2023-08-02 01	PM23/43 Printers	CVE-2023-3711	High	2023-09-12	2023-09-12
PM23/43 Privilege Escalation Vulnerability 2023-08-03 01	PM23/43 Printers	CVE-2023-3712	High	2023-09-12	2023-09-12
Command Injection HDZP252DI 2022-01-26 01	Camera Model HDZP252DI	CVE-2021-39363	Medium	2022-01-26	2022-01-26
Video Replay Vulnerability HBW2PER1 2022-01-26 02	Camera Model HBW2PER1	CVE-2021-39364	Medium	2022-01-26	2022-01-26
HBT Apache Log4j Vulnerability 2021-HBT-12-14 01 V2	Apache Log4j Libraries	CVE-2021-44228 CVE-2021-45046	Critical	2021-12-16	2021-12-16
SPS Apache Log4j Vulnerability 2021-SPS-12-14 01 V2	Apache Log4j Libraries	CVE-2021-44228 CVE-2021-45046 CVE-2021-45105	Critical	2021-12-16	2021-12-22
Honeywell Security UK LTD Battery Compliance 2021-09-20 01	Honeywell Security UK Ltd Battery Products	NA	NA	2021-09-20	2021-09-20
Wi-Fi Vulnerabilities (Frag Attacks)	Wi-Fi Devices	NA	Varies	2020-08-15	2020-08-15
Mobility Products RCE and DOS Vulnerabilities 2020-08-14 01	Thor VM1A, Thor VM3A, CK65, CN80, CN80G, CN85, CT40, CT60, EDA60K, EDA51, EDA71, EDA61K	CVE-2020-11201 CVE-2020-11202 CVE-2020-11206 CVE-2020-11207 CVE-2020-11208 CVE-2020-11209	High	2020-08-14	2020-08-14
Ripple20 Vulnerability 2020-07-17 01	RL 3/4, RL 3e/4e, RP 2/4, E-Class, I-Class, MP Compact MkIII, A-Class, H-Class, M-Class, PB 21/22/31/32, PB 50/51, PR2/3, PD42, PM4i, PX4i, PX6i	ICSA-20-168-01	High	2020-07-17	2020-07-17
Ripple20 NO IMPACT Notification 2020-07-02 01	Honeywell Commercial Security Video Products	NA	NA	2020-07-02	2020-07-02
Kr00k NO IMPACT Notification 2020-03-03 01	Honeywell Productivity Products	CVE-2019-15126	NA	2020-03-03	2020-03-03
Unauthenticated RCE via unsafe binary deserialization and Unauthenticated Remote arbitrary SQL command injection 2019-10-25 01	MAXPRO VMS HNMSWVMS, MAXPRO VMS HNMSWVMSLT, MAXPRO NVR XE, MAXPRO NVR SE, MAXPRO NVR PE, MAXPRO NVR MPNVRSWXX	CVE-2020-6959 CVE-2020-6960 ICSA-20-021-01	High	2019-10-25	2019-10-25
IP Camera DoS Vulnerability 2019-09-13 01	equIP® Series Cameras: H4L2GR1, HBL2GR1, HCL2G, H4W2GR1, H4W2GR2, H4W4GR1, H3W2GR1, H3W2GR2, H3W4GR1, HBW2GR1, HBW4GR1, HBW2GR3, HCW2G, HCW4G	CVE-2019-18228 ICSA-19-304-02	High	2019-09-13	2019-09-13
IP Camera and Recorder Replay Attack Vulnerability 2019-09-13 02	equIP® Series Cameras, Performance Series Cameras, Recorders	CVE-2019-18226 ICSA-19-304-04	High	2019-09-13	2019-09-13
IP Camera Unauthenticated Access to Audio Vulnerability 2019-09-04 01	equIP® Series Cameras, Performance Series Cameras	CVE-2019-18230 ICSA-19-304-03	High	2019-09-04	2019-09-04
IP Camera/NVR Configuration Data Information Disclosure Potential Vulnerability 2019-04-30 01	Performance IP Series Cameras, Performance Series NVRs	CVE-2019-13523 ICSA-19-260-03	Medium	2019-04-30	2019-04-30
Android OS Privilege Elevation Vulnerability 2018-09-18 01	CT60, CN80, CT40, CK75, CN75, CN75e, CT50, D75e, CN51, EDA50k, EDA50, EDA70, EDA60k, EDA51	CVE-2018-14825 ICSA-18-256-01	High	2018-09-13	2018-09-13
Processor Vulnerabilities (Spectre and Meltdown) 2018-04-19 01	CN75, CN75e, CK75, CV41, CV31, CV61, D99 SERIES, CK3R, CK3X, CN70, CN70e, CK70, CK71, Tecton, AND Various Dolphin, Thor, and Talkman Products	CVE-2017-5754 CVE-2017-5753 CVE-2017-5715	Critical	2018-04-19	2018-04-19
Wi-Fi Vulnerability KRACK 2017-12-04 01	70+ Honeywell Productivity Products (WPA2 vulnerability)	10 CVEs	High	2017-12-04	2017-12-04
BlueBorne Vulnerability 2017-11-13 01	Honeywell Productivity Products with Bluetooth Capability	8 CVEs	High	2017-11-13	2017-11-13
Experion Controller and SMSC S300 Modification Vulnerabilities ICSA-24-116-04	Honeywell Experion PKS, Experion LX, PlantCruise by Experion, Safety Manager, Safety Manager SC	16 CVEs	Critical	2024-04-05	2024-04-05
Honeywell Softmaster Uncontrolled Search Path Vulnerability ICSA-22-256-02	Softmaster Products	CVE-2022-2333 CVE-2022-2332	High	2022-09-13	2022-09-13
ControlEdge Hard-coded Credentials ICSA-22-242-06	ControlEdge Products	CVE-2022-30318	Critical	2022-08-30	2022-08-30
Experion LX Missing Auth for Critical Function ICSA-22-242-07	Experion LX Products	CVE-2022-30317	Critical	2022-08-30	2022-08-30
IQ Series Cleartext Transmission Vulnerability ICSA-22-242-08	IQ Series Controllers	CVE-2022-30312	High	2022-08-30	2022-08-30
Saia Burgess PG5 Auth Bypass and Use of Broken Cryptographic Algorithm ICSA-22-207-03	Saia Burgess PG5 PCD Products	CVE-2022-30319 CVE-2022-30320	High	2022-07-28	2022-07-28
Safety Manager Missing Auth, Use of Hard-coded credentials, and Insufficient Verification of Data Authenticity ICSA-22-207-02	Honeywell Safety Manager Products	CVE-2022-30315 CVE-2022-30313 CVE-2022-30316 CVE-2022-30314	High	2022-07-26	2022-07-26
Experion PKS Path Traversal, Unrestricted Upload, and Improper Neutralization of Special Elements in Output Vulnerabilities ICSA-21-278-04	Experion PKS C200, C200E, C300, ACE Controllers	CVE-2021-38397 CVE-2021-38395 CVE-2021-38399	Critical	2021-10-05	2021-10-05
OPC UA Heap-Based Buffer Overflow, Out-of-Bounds Read, Improper check, and Uncontrolled Resource Consumption Vulnerabilities ICSA-21-021-03	OPC UA Tunneller versions prior to 6.3.0.8233	CVE-2020-27297 CVE-2020-27299 CVE-2020-27274 CVE-2020-27295	Critical	2021-01-21	2021-01-21
ControlEdge Cleartext Transmission Vulnerabilites ICSA-20-175-02	ControlEdge PLC R130.2, R140, R150, R151. ControlEdge RTU R101, R110, R140, R150, R151	CVE-2020-10628 CVE-2020-10624	Medium	2020-06-23	2020-06-23
WIN-PAK CSRF, Improper Neutralization of HTTP Headers, and Use of Obsolete Function Vulnerabilities ICSA-20-056-05	WIN-PAK 4.7.2 Web and Prior Versions	CVE-2020-7005 CVE-2020-6982 CVE-2020-6978	High	2020-02-25	2020-02-25
NWS Authentication Bypass and Path Traversal Vulnerabilities ICSA-20-051-03	Notifier Web Server (NWS) Version 5.50 and prior	CVE-2020-6972 CVE-2020-6974	Critical	2020-02-20	2020-02-20
INNControl 3 Improper Privilege Management Vulnerability ICSA-20-049-01	INNCOM INNControl 3 Version 3.21 and prior	CVE-2020-6968	Medium	2020-02-19	2020-02-19
Experion PKS Heap-Based Buffer Overflow, Stack-Based Buffer Overflow, Arbitrary Memory Write, Directory Traversal, and File Inclusion Vulnerabilities ICSA-14-352-01	Experion PKS R40x prior to R400.6, Experion PKS R41x prior to R410.6, Experion PKS R43x prior to R430.2	CVE-2014-9187 CVE-2014-9189 CVE-2014-5435 CVE-2014-5436 CVE-2014-9186	Critical	2019-04-10	2019-04-10
FALCON XSS and File Access to External Parties Vulnerabilities ICSA-14-175-01	FALCON Linux 2.04.01 and prior, FALCON XLWebExe 2.02.11 and prior	CVE-2014-2717 CVE-2014-3110	Medium	2014-06-24	2018-09-06
EBI, SymmetrE, and ComfortPoint Improper Input Validation Vulnerability ICSA-13-053-02A	EBI R310, R400.2, R410.1, R410.2. SymmetrE R310, R410.1, R410.2, CPO-M R100	CVE-2013-0108	Medium	2013-02-22	2018-09-06
HMIWeb Browser Buffer Overflow Vulnerability ICSA-12-150-01	Multiple Experion, Enterprise Building Manager, Honeywell Environmental Combustion and Controls Products, and Symmetre R400, R410.1	CVE-2012-0254	Medium	2012-03-09	2018-09-06
HART DMT Improper Input Validation Vulnerability ICSA-15-029-01	Multiple HART DMT Libraries	CVE-2014-9191	Low	2018-08-29	2018-08-29
Midas Path Traversal and Cleartext Transmission Vulnerabilities ICSA-15-309-02	Midas Version 1.13b1 and prior, Midas Black 2.13ba and prior	CVE-2015-7907 CVE-2015-7908	Critical	2018-08-27	2018-08-27
Experion PKS Directory Traversal Vulnerability ICSA-15-272-01	Experion PKS 310.x and prior	CVE-2007-6483	Critical	2018-08-27	2018-08-27
XL Web Controller Path Traversal Vulnerability ICSA-15-076-02	Multiple XLWeb Controller Versions	CVE-2015-0984	Critical	2018-08-27	2018-08-27
Uniformance Stack-based Buffer Overflow Vulnerability ICSA-16-070-02A	Uniformance PHD versions prior to R310.1.1.2, R320.1.0.2, and R321.1.1	CVE-2016-2280	High	2016-04-12	2018-08-23
XL Web II Controller Password Exposure Vulnerabilities ICSA-17-033-01	XL1000C500 XLWebExe-2-01-00 and prior, XLWeb 500 XLWebExe-1-02-08 and prior	CVE-2017-5139 CVE-2017-5140 CVE-2017-5141 CVE-2017-5142 CVE-2017-5143	Critical	2017-02-02	2017-02-02
Experion PKS Improper Inout Validation Vulnerability ICSA-16-301-01	Multiple Experion PKS Products	CVE-2016-8344	Low	2016-10-27	2016-10-27
ScanServer ActiveX Control Vulnerability ICSA-11-103-01A	ScanServer ActiveX Control Version 780.0.20.5 that is packaged with all SymmetrE Versions	NA	NA	2011-04-13	2014-03-13
TEMA Remote Installer ActiveX Vulnerability ICSA-11-285-01	EBI R310.1 - TEMA 4.8, 4.9, 4.10. EBI R400.2 SP1 - TEMA 5.2. EBI R410.1 - TEMA 5.3.0. EBI R410.2 - TEMA 5.3.1	NA	NA	2013-04-30	2013-04-30
MAXPRO NVR Computer: Intel® Chipset Uncontrolled Search Path Element Vulnerability 2024-06-25 01	MAXPRO SE NVR Rev D, XE NVR Rev D with Intel® Chipset Device Software before version 10.1.19444.8378	CVE-2023-28388	Medium	2024-06-25	2024-06-25
HID Mercury Intelligent Controller Command Injection, Unauthenticated Firmware, Buffer Overflow, Path Traversal Vulnerabilities 2022-06-02 01	LenelS2 Products integrated with HID Mercury Intelligent Controllers: LNL-X2210, LNL-2220, LNL-X3300, LNL-X4420, LNL-4420, S2-LP-1501, S2-LP-1502, S2-LP-2500, S2-LP-4502	CVE-2022-31479 CVE-2022-31480 CVE-2022-31481 CVE-2022-31482 CVE-2022-31483 CVE-2022-31484 CVE-2022-31485 CVE-2022-31486	Critical	2022-06-02	2022-06-02
LenelS2 OnGuard Client Authentication Bypass Vulnerability 2022-11-30 01	OnGuard Versions 7.5, 7.6, 8.0, 8.1	CVE-2022-37026	Critical	2022-11-30	2022-11-30
LenelS2 NetBox MOD_PROXY SSRF Vulnerability 2023-03-16 01	NetBox, NetBox Global, VRx, NetVR, Converged NetBox/VR, NetBox VRx, Quatro Products	CVE-2021-40438	Critical	2023-03-16	2023-03-16
MASmobile Classic Authorization Bypass Vulnerability 2023-06-15 01	MASmobile Classic	CVE-2023-36483	Medium	2023-06-15	2023-06-15
LenelS2 NetBox Hardcoded Credentials and Unauthenticated/authenticated RCE Vulnerabilities 2024-05-24 01	NetBox Products	CVE-2024-2420 CVE-2024-2421 CVE-2024-2422	Critical	2024-05-24	2024-05-24
LenelS2 NetBox Supply Chain Attack 2024-08-05 01	NetBox, VRx, NetVR Products	NA	NA	2024-08-05	2024-08-05
Honeywell Experion PKS, LX, and PlantCruise Heap and Stack-based Overflow, Unexpected Code Status, Uncontrolled Resource, Improper Encoding, Incorrect Comparison, and other data vulnerabilities ICSA-23-194-06	Experion PKS, LX, and PlantCruise versions prior to R520.2	9 CVEs	Critical	2023-07-13	2023-07-13
Honeywell OneWireless Command Injection, Insufficient Random Values, and Missing Auth Vulnerabilities ICSA-23-075-06	OneWireless Versions up to R322.1	CVE-2022-43485 CVE-2022-46361 CVE-2022-4240	Critical	2023-03-16	2023-03-16
Honeywell IP-AK2 Missing Auth. Vulnerability ICSA-19-297-02	IP-AK2 Access Control Panel Version 1.04.07 and prior	CVE-2019-13525	Medium	2019-10-24	2019-10-24

Security Impact Rating	CVSS Score
Critical	9.0 – 10.0
High	7.0 – 8.9
Medium	4.0 – 6.9
Low	1.0 – 3.9

Forms of Communication	Description
Security Notice	May be released to notify customers when a vulnerability is fixed.
Product Release Note/Update	Release notes may be used to communicate a launch of a new software/hardware product or a product update and may include latest changes, feature enhancements, or bug fixes/patches.
CVE Records	Records are released to inform stakeholders about specifics regarding the vulnerability discovered. The records may include information such as Common Vulnerability Enumeration (CVE) ID number, description of the security vulnerability, and references associated with the vulnerability such as vulnerability reports and advisories.
Media Statements	May be used to address any Honeywell related news or incidents.
End of Service Life Notice	An EOSL notice may be released to inform a Honeywell customer that the product will no longer be supported or sold.