CVE-2022-43485

MEDIUM

Honeywell OneWireless <322.1 - JWT Token Manipulation

Title source: llm

Description

Use of Insufficiently Random Values in Honeywell OneWireless. This vulnerability may allow attacker to manipulate claims in client's JWT token. This issue affects OneWireless version 322.1

References (1)

[Product] https://process.honeywell.com/

Scores

CVSS v3 6.2

EPSS 0.0005

EPSS Percentile 14.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-330

Status published

Products (1)

honeywell/onewireless_network_wireless_device_manager_firmware < r322.2

Published May 30, 2023

Tracked Since Feb 18, 2026