honeywell security advisories
4 threat alerts tracking vulnerabilities and security advisories that affect honeywell products.
Vulnios monitors honeywell CVE feeds, vendor advisories, CISA KEV listings, and exploit-prediction data continuously. Each alert below is enriched with severity, exploitation status, affected products, and a remediation path. Use this page to scan recent honeywell security news in one place, or click into an individual alert for full detail.
Critical Vulnerability: CVE-2026-3611 — honeywell — iq4e_firmware, iq4e
The Honeywell IQ4x building management controller, exposes its full web-based HMI without authentication in its factory-default configuration. With no user module configured, security is disabled by d
criticalCVE-2026-3611Critical Vulnerability: CVE-2017-5142 — honeywell — xl_web_ii_controller
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. A user with low privileges is able to open and change the par
criticalCVE-2017-5142Critical Vulnerability: CVE-2017-5139 — honeywell — xl_web_ii_controller
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Any user is able to disclose a password by accessing a specif
criticalCVE-2017-5139Critical Vulnerability: CVE-2017-5140 — honeywell — xl_web_ii_controller
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Password is stored in clear text.
criticalCVE-2017-5140
Track honeywell exposure across your environment
Vulnios automatically cross-references your asset inventory against new honeywell CVEs and surfaces only what affects you. No more sifting manually — actionable findings only.
Start a free scan