LenelS2 NetBox access control and event monitoring system was discovered to contain an unauthenticated RCE in versions prior to and including 5.6.1, which allows an attacker to execute malicious commands with elevated permissions.
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XHoneywell Lenels2 Netbox
APPHoneywell< 5.6.2
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Command Injection
CWE
Related vulnerabilities
CVE-2024-2422CRITICAL9.3PL ✓ten sam produkt
Uwierzytelniony RCE w LenelS2 NetBox (wersje do 5.6.1 włącznie)
CVE-2024-2420HIGH8.8ten sam produkt
LenelS2 NetBox access control and event monitoring system was discovered to contain Hardcoded Credentials in v...
CVE-2026-3611CRITICAL10.0PL ✓ten sam vendor
Honeywell IQ4x — brak uwierzytelnienia w fabrycznym HMI (CWE-306)
CVE-2025-2605CRITICAL9.9PL ✓ten sam vendor
OS Command Injection w Honeywell MB-Secure i MB-Secure PRO (privilege abuse)
CVE-2023-5389CRITICAL9.1PL ✓ten sam vendor
Nieautoryzowana modyfikacja plików w Honeywell ControlEdge UOC i VirtualUOC