CRITICAL🇵🇱 Wersja polska

CVE-2024-2422

CVSS 9.3v4.0pub. 2024-05-30upd. 2026-02-02

LenelS2 NetBox access control and event monitoring system was discovered to contain an authenticated RCE in versions prior to and including 5.6.1, which allows an attacker to execute malicious commands.

CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Honeywell Lenels2 Netbox

    APP
    Honeywell
    < 5.6.2
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-2421CRITICAL9.3PL ✓ten sam produkt

Nieuwierzytelniony RCE w Honeywell LenelS2 NetBox (command injection)

CVE-2024-2420HIGH8.8ten sam produkt

LenelS2 NetBox access control and event monitoring system was discovered to contain Hardcoded Credentials in v...

CVE-2026-3611CRITICAL10.0PL ✓ten sam vendor

Honeywell IQ4x — brak uwierzytelnienia w fabrycznym HMI (CWE-306)

CVE-2025-2605CRITICAL9.9PL ✓ten sam vendor

OS Command Injection w Honeywell MB-Secure i MB-Secure PRO (privilege abuse)

CVE-2023-5389CRITICAL9.1PL ✓ten sam vendor

Nieautoryzowana modyfikacja plików w Honeywell ControlEdge UOC i VirtualUOC