Honeywell HMIWeb Browser Buffer Overflow Vulnerability

CVEs (1)

Remediations

• Honeywell Process Solutions (HPS) and Honeywell Building Solutions (HBS) have released fixes for this vulnerability. HPS customers should download the security notification that describes the vulnerability and provides a link to the fixes at: (www.honeywellprocess.com) Select Support, then select Latest Notifications or use this link (https://www.honeywellprocess.com/en-US/support/pages/all-notifications.aspx). Open document SN 2012 03 09 01A Security Vulnerability in HMIWeb Browser. No login is required to view the document. However, login is required to download software using links in Honeywell’s SN document. HBS customers should contact their local account manager to arrange for updates to be applied by HBS service technicians.
• Honeywell Environmental Combustion and Control (ECC) SymmetrE customers or their contractors should use the URL below to obtain HMIWeb Browser update. Users should install this update on the SymmetrE server and workstation clients following the Software Release Bulletin instructions. The update can be found here: (https://extranet.honeywell.com/ecc/TheBuildingsForum) under the XL5000—SymmetrE section. Access to this Web site requires registration.
• Additional Precautions: Do not use a Station node to connect to the Internet for the purposes of Web browsing. If a Station node is connected to the Internet, do not use Station or Internet Explorer to browse the Internet, or limit this usage only to trusted Web sites.

Affected Vendors

Affected Products (3)