Risk Summary
Successful exploitation of these vulnerabilities allows an attacker to perform remote code execution.
CVEs (3)
Remediations
- Honeywell recommends users with potentially affected products take the following steps to protect themselves:
- Update WIN-PAK to latest version, WIN-PAK 4.7.2 B1072.3.4, before applying the patch, which is available on the Honeywell Mywebtech portal.
- As a best practice, Honeywell recommends users isolate systems from the Internet or create additional layers of defense to their system from the Internet by placing the affected hardware behind a firewall or into a DMZ.
- If remote connections to the network are required, consider using a VPN or other means to ensure secure remote connections into the network where the device is located.
- Do not click web links or open unsolicited attachments in email messages.
- Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.
- Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.
Affected Vendors
Honeywell
Affected Products (1)
Honeywell
·
WIN-PAK
<= 4.7.2
Affected Sectors
Multiple
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more