Vulnerabilites related to Honeywell - C300
CVE-2021-38395 (GCVE-0-2021-38395)
Vulnerability from cvelistv5
Published
2022-10-28 01:20
Modified
2025-04-16 16:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-74 - Injection
Summary
Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to improper neutralization of special elements in output, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Honeywell | Experion PKS |
Version: C200 Version: C200E Version: C300 Version: ACE controllers |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:37:16.588Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-278-04"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.honeywellprocess.com/library/support/notifications/Customer/SN2021-02-22-01-Experion-C300-CCL.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-38395",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:53:47.454539Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:07:52.218Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Experion PKS",
"vendor": "Honeywell",
"versions": [
{
"status": "affected",
"version": "C200"
},
{
"status": "affected",
"version": "C200E"
},
{
"status": "affected",
"version": "C300"
},
{
"status": "affected",
"version": "ACE controllers"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Rei Henigman and Nadav Erez of Claroty reported these vulnerabilities to CISA."
}
],
"datePublic": "2021-10-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to improper neutralization of special elements in output, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "CWE-74: Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-28T00:00:00.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-278-04"
},
{
"url": "https://www.honeywellprocess.com/library/support/notifications/Customer/SN2021-02-22-01-Experion-C300-CCL.pdf"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Honeywell Experion PKS and ACE Controllers Injection",
"workarounds": [
{
"lang": "en",
"value": "Honeywell recommends users follow all guidance in the Experion Network and Security Planning Guide to prevent attacks by malicious actors.\n\nAdditional information can be found in Honeywell Support document SN2021-02-22-01."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-38395",
"datePublished": "2022-10-28T01:20:24.175Z",
"dateReserved": "2021-08-10T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:07:52.218Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25770 (GCVE-0-2023-25770)
Vulnerability from cvelistv5
Published
2023-07-13 10:59
Modified
2024-08-02 11:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-502 - Deserialization of Untrusted Data
Summary
Controller DoS may occur due to buffer overflow when an error is generated in response to a specially crafted message. See Honeywell Security Notification for recommendations on upgrading and versioning.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:honeywell:c300:501.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "c300",
"vendor": "honeywell",
"versions": [
{
"lessThanOrEqual": "501.6hf8",
"status": "affected",
"version": "501.1",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:h:honeywell:c300:510.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "c300",
"vendor": "honeywell",
"versions": [
{
"lessThanOrEqual": "510.2hf12",
"status": "affected",
"version": "510.1",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:h:honeywell:c300:511.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "c300",
"vendor": "honeywell",
"versions": [
{
"lessThanOrEqual": "511.5tcu3",
"status": "affected",
"version": "511.1",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:h:honeywell:c300:520.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "c300",
"vendor": "honeywell",
"versions": [
{
"lessThanOrEqual": "520.1tcu4",
"status": "affected",
"version": "520.1",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:h:honeywell:c300:520.2:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "c300",
"vendor": "honeywell",
"versions": [
{
"lessThanOrEqual": "520.2tcu2",
"status": "affected",
"version": "520.2",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25770",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-22T18:26:04.535864Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-08T19:15:35.980Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:32:12.419Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://process.honeywell.com"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Experion PKS"
],
"product": "C300",
"vendor": "Honeywell",
"versions": [
{
"lessThanOrEqual": "501.6HF8",
"status": "affected",
"version": "501.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "510.2HF12",
"status": "affected",
"version": "510.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "511.5TCU3",
"status": "affected",
"version": "511.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "520.1TCU4",
"status": "affected",
"version": "520.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "520.2TCU2",
"status": "affected",
"version": "520.2",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Experion LX",
"Experion PlantCruise"
],
"product": "C300",
"vendor": "Honeywell",
"versions": [
{
"lessThanOrEqual": "511.5TCU3",
"status": "affected",
"version": "510.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "520.1TCU4",
"status": "affected",
"version": "520.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "520.2TCU2",
"status": "affected",
"version": "520.2",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Controller DoS may occur due to buffer overflow when an error is generated in response to a specially crafted message.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSee Honeywell Security Notification for recommendations on upgrading and versioning. \u003c/span\u003e\n\n"
}
],
"value": "Controller DoS may occur due to buffer overflow when an error is generated in response to a specially crafted message.\u00a0See Honeywell Security Notification for recommendations on upgrading and versioning. \n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-221",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-221 XML External Entities Blowup"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-22T16:03:06.413Z",
"orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
"shortName": "Honeywell"
},
"references": [
{
"url": "https://process.honeywell.com"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Controller stack overflow on decoding messages from the server",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
"assignerShortName": "Honeywell",
"cveId": "CVE-2023-25770",
"datePublished": "2023-07-13T10:59:58.825Z",
"dateReserved": "2023-02-28T23:51:16.657Z",
"dateUpdated": "2024-08-02T11:32:12.419Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5407 (GCVE-0-2023-5407)
Vulnerability from cvelistv5
Published
2024-04-17 16:49
Modified
2024-08-08 15:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Controller denial of service due to improper handling of a specially crafted message received by the controller.
See Honeywell Security Notification for recommendations on upgrading and versioning.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:59:44.482Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://process.honeywell.com"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5407",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-24T14:30:38.880683Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T15:49:07.567Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Experion PKS"
],
"product": "C300",
"vendor": "Honeywell",
"versions": [
{
"changes": [
{
"at": "520.2 TCU4 HF1",
"status": "unaffected"
}
],
"lessThanOrEqual": "520.2 TCU4",
"status": "affected",
"version": "520.2",
"versionType": "semver"
},
{
"changes": [
{
"at": "510.2 HF14",
"status": "unaffected"
}
],
"lessThanOrEqual": "510.2 HF13",
"status": "affected",
"version": "510.1",
"versionType": "semver"
},
{
"changes": [
{
"at": "520.1 TCU5",
"status": "unaffected"
}
],
"lessThanOrEqual": "520.1 TCU4",
"status": "affected",
"version": "520.1",
"versionType": "semver"
},
{
"changes": [
{
"at": "511.5 TCU4 HF4",
"status": "unaffected"
}
],
"lessThanOrEqual": "511.5 TCU4 HF3",
"status": "affected",
"version": "511.1",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Experion LX"
],
"product": "C300",
"vendor": "Honeywell",
"versions": [
{
"changes": [
{
"at": "520.2 TCU4 HF2",
"status": "unaffected"
}
],
"lessThanOrEqual": "520.2 TCU4",
"status": "affected",
"version": "520.2",
"versionType": "semver"
},
{
"changes": [
{
"at": "511.5 TCU4 HF4",
"status": "unaffected"
}
],
"lessThanOrEqual": "511.5 TCU4 HF3",
"status": "affected",
"version": "511.1",
"versionType": "semver"
},
{
"changes": [
{
"at": "520.1 TCU5",
"status": "unaffected"
}
],
"lessThanOrEqual": "520.1 TCU4",
"status": "affected",
"version": "520.1",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"PlantCruise by Experion"
],
"product": "C300",
"vendor": "Honeywell",
"versions": [
{
"changes": [
{
"at": "520.2 TCU4 HF2",
"status": "unaffected"
}
],
"lessThanOrEqual": "520.2 TCU4",
"status": "affected",
"version": "520.2",
"versionType": "semver"
},
{
"changes": [
{
"at": "520.1 TCU5",
"status": "unaffected"
}
],
"lessThanOrEqual": "520.1 TCU4",
"status": "affected",
"version": "520.1",
"versionType": "semver"
},
{
"changes": [
{
"at": "511.5 TCU4 HF4",
"status": "unaffected"
}
],
"lessThanOrEqual": "511.5 TCU4 HF3",
"status": "affected",
"version": "520.2 TCU4 HFR2",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Controller denial of service due to improper handling of a specially crafted message received by the controller.\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSee Honeywell Security Notification for recommendations on upgrading and versioning.\u003c/span\u003e"
}
],
"value": "Controller denial of service due to improper handling of a specially crafted message received by the controller.\n\nSee Honeywell Security Notification for recommendations on upgrading and versioning."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-09T19:38:30.357Z",
"orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
"shortName": "Honeywell"
},
"references": [
{
"url": "https://process.honeywell.com"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
"assignerShortName": "Honeywell",
"cveId": "CVE-2023-5407",
"datePublished": "2024-04-17T16:49:16.900Z",
"dateReserved": "2023-10-04T17:50:55.299Z",
"dateUpdated": "2024-08-08T15:49:07.567Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-24480 (GCVE-0-2023-24480)
Vulnerability from cvelistv5
Published
2023-07-13 10:57
Modified
2025-03-05 18:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-116 - Improper Encoding or Escaping of Output
Summary
Controller DoS due to stack overflow when decoding a message from the server.
See Honeywell Security Notification for recommendations on upgrading and versioning.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:56:04.112Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://process.honeywell.com"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-24480",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-05T18:39:59.649573Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-05T18:50:43.950Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Experion PKS"
],
"product": "C300",
"vendor": "Honeywell",
"versions": [
{
"lessThanOrEqual": "501.6HF8",
"status": "affected",
"version": "501.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "510.2HF12",
"status": "affected",
"version": "510.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "511.5TCU3",
"status": "affected",
"version": "511.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "520.1TCU4",
"status": "affected",
"version": "520.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "520.2TCU2",
"status": "affected",
"version": "520.2",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Experion LX",
"Experion PlantCruise"
],
"product": "C300",
"vendor": "Honeywell",
"versions": [
{
"lessThanOrEqual": "511.5TCU3",
"status": "affected",
"version": "510.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "520.1TCU4",
"status": "affected",
"version": "520.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "520.2TCU2",
"status": "affected",
"version": "520.2",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Controller DoS due to stack overflow when decoding a message from the server.\u0026nbsp;\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSee Honeywell Security Notification for recommendations on upgrading and versioning. \u003c/span\u003e\n\n"
}
],
"value": "Controller DoS due to stack overflow when decoding a message from the server.\u00a0\n\nSee Honeywell Security Notification for recommendations on upgrading and versioning. \n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-173",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-173 Action Spoofing"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-116",
"description": "CWE-116 Improper Encoding or Escaping of Output",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-22T15:59:10.657Z",
"orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
"shortName": "Honeywell"
},
"references": [
{
"url": "https://process.honeywell.com"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Controller stack overflow when decoding messages from the server",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
"assignerShortName": "Honeywell",
"cveId": "CVE-2023-24480",
"datePublished": "2023-07-13T10:57:46.879Z",
"dateReserved": "2023-02-28T23:51:16.652Z",
"dateUpdated": "2025-03-05T18:50:43.950Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-38399 (GCVE-0-2021-38399)
Vulnerability from cvelistv5
Published
2022-10-28 01:19
Modified
2025-04-16 16:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-23 - Relative Path Traversal
Summary
Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to relative path traversal, which may allow an attacker access to unauthorized files and directories.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Honeywell | Experion PKS |
Version: C200 Version: C200E Version: C300 Version: ACE controllers |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:37:16.579Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-278-04"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.honeywellprocess.com/library/support/notifications/Customer/SN2021-02-22-01-Experion-C300-CCL.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-38399",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:53:50.707446Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:07:59.274Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Experion PKS",
"vendor": "Honeywell",
"versions": [
{
"status": "affected",
"version": "C200"
},
{
"status": "affected",
"version": "C200E"
},
{
"status": "affected",
"version": "C300"
},
{
"status": "affected",
"version": "ACE controllers"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Rei Henigman and Nadav Erez of Claroty reported these vulnerabilities to CISA."
}
],
"datePublic": "2021-10-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to relative path traversal, which may allow an attacker access to unauthorized files and directories."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23: Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-28T00:00:00.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-278-04"
},
{
"url": "https://www.honeywellprocess.com/library/support/notifications/Customer/SN2021-02-22-01-Experion-C300-CCL.pdf"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Honeywell Experion PKS and ACE Controllers Relative Path Traversal",
"workarounds": [
{
"lang": "en",
"value": "Honeywell recommends users follow all guidance in the Experion Network and Security Planning Guide to prevent attacks by malicious actors.\n\nAdditional information can be found in Honeywell Support document SN2021-02-22-01."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-38399",
"datePublished": "2022-10-28T01:19:02.691Z",
"dateReserved": "2021-08-10T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:07:59.274Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5392 (GCVE-0-2023-5392)
Vulnerability from cvelistv5
Published
2024-04-11 19:19
Modified
2024-08-02 07:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
C300 information leak due to an analysis feature which allows extracting more memory over the network than required by the function. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:honeywell:c300:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "c300",
"vendor": "honeywell",
"versions": [
{
"lessThanOrEqual": "510.2_hf13",
"status": "affected",
"version": "510.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "511.5_tcu4_hf3",
"status": "affected",
"version": "511.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "520.1_tcu4",
"status": "affected",
"version": "520.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "520.2_tcu4",
"status": "affected",
"version": "520.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "511.5_tcu4_hf3",
"status": "affected",
"version": "520.2_tcu4_hfr2",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5392",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-08T18:49:08.032838Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-08T20:14:06.723Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:59:44.280Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://process.honeywell.com"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Experion PKS"
],
"product": "C300",
"vendor": "Honeywell",
"versions": [
{
"lessThanOrEqual": "520.2 TCU4",
"status": "affected",
"version": "520.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "510.2 HF13",
"status": "affected",
"version": "510.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "520.1 TCU4",
"status": "affected",
"version": "520.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "511.5 TCU4 HF3",
"status": "affected",
"version": "511.1",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Experion LX"
],
"product": "C300",
"vendor": "Honeywell",
"versions": [
{
"lessThanOrEqual": "520.2 TCU4",
"status": "affected",
"version": "520.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "511.5 TCU4 HF3",
"status": "affected",
"version": "511.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "520.1 TCU4",
"status": "affected",
"version": "520.1",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"PlantCruise by Experion"
],
"product": "C300",
"vendor": "Honeywell",
"versions": [
{
"lessThanOrEqual": "520.2 TCU4",
"status": "affected",
"version": "520.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "520.1 TCU4",
"status": "affected",
"version": "520.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "511.5 TCU4 HF3",
"status": "affected",
"version": "520.2 TCU4 HFR2",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "C300 information leak due to an analysis feature which allows extracting more memory over the network than required by the function.\u0026nbsp;Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning. \n\n"
}
],
"value": "C300 information leak due to an analysis feature which allows extracting more memory over the network than required by the function.\u00a0Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning. \n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-121",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-121"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1295",
"description": "CWE-1295",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-25T16:53:35.336Z",
"orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
"shortName": "Honeywell"
},
"references": [
{
"url": "https://process.honeywell.com"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
"assignerShortName": "Honeywell",
"cveId": "CVE-2023-5392",
"datePublished": "2024-04-11T19:19:19.070Z",
"dateReserved": "2023-10-04T17:50:45.390Z",
"dateUpdated": "2024-08-02T07:59:44.280Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-26597 (GCVE-0-2023-26597)
Vulnerability from cvelistv5
Published
2023-07-13 11:04
Modified
2025-03-05 18:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-400 - Uncontrolled Resource Consumption
Summary
Controller DoS due to buffer overflow in the handling of a specially crafted message received by the controller. See Honeywell Security Notification for recommendations on upgrading and versioning. See Honeywell Security Notification for recommendations on upgrading and versioning.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:53:53.803Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://process.honeywell.com"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-26597",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-05T18:38:43.280343Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-05T18:50:22.725Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Experion PKS"
],
"product": "C300",
"vendor": "Honeywell",
"versions": [
{
"lessThanOrEqual": "501.6HF8",
"status": "affected",
"version": "501.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "510.2HF12",
"status": "affected",
"version": "510.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "511.5TCU3",
"status": "affected",
"version": "511.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "520.1TCU4",
"status": "affected",
"version": "520.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "520.2TCU2",
"status": "affected",
"version": "520.2",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Experion LX",
"Experion PlantCruise"
],
"product": "C300",
"vendor": "Honeywell",
"versions": [
{
"lessThanOrEqual": "511.5TCU3",
"status": "affected",
"version": "510.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "520.1TCU4",
"status": "affected",
"version": "520.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "520.2TCU2",
"status": "affected",
"version": "520.2",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Controller DoS due to buffer overflow in the handling of a specially crafted message received by the controller.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSee Honeywell Security Notification for recommendations on upgrading and versioning.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSee Honeywell Security Notification for recommendations on upgrading and versioning. \u003c/span\u003e\n\n\u003c/span\u003e"
}
],
"value": "Controller DoS due to buffer overflow in the handling of a specially crafted message received by the controller.\u00a0See Honeywell Security Notification for recommendations on upgrading and versioning.\u00a0See Honeywell Security Notification for recommendations on upgrading and versioning. \n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-469",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-469 HTTP DoS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-22T16:01:10.959Z",
"orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
"shortName": "Honeywell"
},
"references": [
{
"url": "https://process.honeywell.com"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Controller DOS on sending error response",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
"assignerShortName": "Honeywell",
"cveId": "CVE-2023-26597",
"datePublished": "2023-07-13T11:04:55.153Z",
"dateReserved": "2023-02-28T23:51:16.647Z",
"dateUpdated": "2025-03-05T18:50:22.725Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-38397 (GCVE-0-2021-38397)
Vulnerability from cvelistv5
Published
2022-10-28 01:21
Modified
2025-04-16 16:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Summary
Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to unrestricted file uploads, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Honeywell | Experion PKS |
Version: C200 Version: C200E Version: C300 Version: ACE controllers |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:37:16.577Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-278-04"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.honeywellprocess.com/library/support/notifications/Customer/SN2021-02-22-01-Experion-C300-CCL.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-38397",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:53:15.692298Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:07:44.758Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Experion PKS",
"vendor": "Honeywell",
"versions": [
{
"status": "affected",
"version": "C200"
},
{
"status": "affected",
"version": "C200E"
},
{
"status": "affected",
"version": "C300"
},
{
"status": "affected",
"version": "ACE controllers"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Rei Henigman and Nadav Erez of Claroty reported these vulnerabilities to CISA."
}
],
"datePublic": "2021-10-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to unrestricted file uploads, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434: Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-28T00:00:00.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-278-04"
},
{
"url": "https://www.honeywellprocess.com/library/support/notifications/Customer/SN2021-02-22-01-Experion-C300-CCL.pdf"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Honeywell Experion PKS and ACE Controllers Unrestricted Upload of File with Dangerous Type",
"workarounds": [
{
"lang": "en",
"value": "Honeywell recommends users follow all guidance in the Experion Network and Security Planning Guide to prevent attacks by malicious actors.\n\nAdditional information can be found in Honeywell Support document SN2021-02-22-01."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-38397",
"datePublished": "2022-10-28T01:21:35.576Z",
"dateReserved": "2021-08-10T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:07:44.758Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25178 (GCVE-0-2023-25178)
Vulnerability from cvelistv5
Published
2023-07-13 10:59
Modified
2025-03-05 18:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-345 - Insufficient Verification of Data Authenticity
Summary
Controller may be loaded with malicious firmware which could enable remote code execution. See Honeywell Security Notification for recommendations on upgrading and versioning.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:18:35.746Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://process.honeywell.com"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25178",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-05T18:39:56.713815Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-05T18:50:28.752Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Experion PKS"
],
"product": "C300",
"vendor": "Honeywell",
"versions": [
{
"lessThanOrEqual": "501.6HF8",
"status": "affected",
"version": "501.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "510.2HF12",
"status": "affected",
"version": "510.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "511.5TCU3",
"status": "affected",
"version": "511.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "520.1TCU4",
"status": "affected",
"version": "520.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "520.2TCU2",
"status": "affected",
"version": "520.2",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Experion LX",
"Experion PlantCruise"
],
"product": "C300",
"vendor": "Honeywell",
"versions": [
{
"lessThanOrEqual": "511.5TCU3",
"status": "affected",
"version": "510.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "520.1TCU4",
"status": "affected",
"version": "520.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "520.2TCU2",
"status": "affected",
"version": "520.2",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Controller may be loaded with malicious firmware which could enable remote code execution.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSee Honeywell Security Notification for recommendations on upgrading and versioning. \u003c/span\u003e\n\n"
}
],
"value": "Controller may be loaded with malicious firmware which could enable remote code execution.\u00a0See Honeywell Security Notification for recommendations on upgrading and versioning. \n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-638",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-638 Altered Component Firmware"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-345",
"description": "CWE-345 Insufficient Verification of Data Authenticity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-22T16:03:44.238Z",
"orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
"shortName": "Honeywell"
},
"references": [
{
"url": "https://process.honeywell.com"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Controller design flaw - unsigned firmware",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
"assignerShortName": "Honeywell",
"cveId": "CVE-2023-25178",
"datePublished": "2023-07-13T10:59:16.333Z",
"dateReserved": "2023-02-28T23:51:16.663Z",
"dateUpdated": "2025-03-05T18:50:28.752Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2022-10-28 02:15
Modified
2024-11-21 06:17
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to relative path traversal, which may allow an attacker access to unauthorized files and directories.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://www.cisa.gov/uscert/ics/advisories/icsa-21-278-04 | Third Party Advisory, US Government Resource | |
| ics-cert@hq.dhs.gov | https://www.honeywellprocess.com/library/support/notifications/Customer/SN2021-02-22-01-Experion-C300-CCL.pdf | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-21-278-04 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.honeywellprocess.com/library/support/notifications/Customer/SN2021-02-22-01-Experion-C300-CCL.pdf | Product |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| honeywell | c200_firmware | - | |
| honeywell | c200 | - | |
| honeywell | c200e_firmware | - | |
| honeywell | c200e | - | |
| honeywell | c300_firmware | - | |
| honeywell | c300 | - | |
| honeywell | application_control_environment_firmware | - | |
| honeywell | application_control_environment | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:honeywell:c200_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89205AE1-0EE7-4665-8FE6-5312EAD5FB2D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:honeywell:c200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3F154A3-2438-4420-8B6E-E0521376714E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:honeywell:c200e_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B06800D-443D-4237-8E91-98735E5EA148",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:honeywell:c200e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6ACB0AD6-5A19-4DEC-9F47-03EC6FA80AC0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:honeywell:c300_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7C79B7D1-630B-4723-BFCA-66F03F93D1FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:honeywell:c300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CEA14D67-E320-490E-92E6-CC135EBBA245",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:honeywell:application_control_environment_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "83F4F4B6-E05B-43B9-96ED-02919E42AFCC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:honeywell:application_control_environment:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7C79B55A-11AB-441E-A544-9678616E9BA4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to relative path traversal, which may allow an attacker access to unauthorized files and directories."
},
{
"lang": "es",
"value": "Los controladores Honeywell Experion PKS C200, C200E, C300 y ACE son vulnerables al Path Traversal relativa, lo que puede permitir que un atacante acceda a archivos y directorios no autorizados."
}
],
"id": "CVE-2021-38399",
"lastModified": "2024-11-21T06:17:00.090",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-10-28T02:15:17.040",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-278-04"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Product"
],
"url": "https://www.honeywellprocess.com/library/support/notifications/Customer/SN2021-02-22-01-Experion-C300-CCL.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-278-04"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.honeywellprocess.com/library/support/notifications/Customer/SN2021-02-22-01-Experion-C300-CCL.pdf"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-23"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-13 11:15
Modified
2024-11-21 07:49
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Controller may be loaded with malicious firmware which could enable remote code execution. See Honeywell Security Notification for recommendations on upgrading and versioning.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| honeywell | c300_firmware | * | |
| honeywell | c300_firmware | * | |
| honeywell | c300_firmware | * | |
| honeywell | c300_firmware | * | |
| honeywell | c300_firmware | * | |
| honeywell | c300 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:honeywell:c300_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C8B1523A-A717-4BE3-97B1-5634188EAAF9",
"versionEndIncluding": "501.6hf8",
"versionStartIncluding": "501.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:honeywell:c300_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F01D307E-1DD4-4B16-A1EF-81503E5C7CF1",
"versionEndIncluding": "510.2hf12",
"versionStartIncluding": "510.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:honeywell:c300_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1AAAF640-4704-4BEA-AB36-911B08227497",
"versionEndIncluding": "511.5tcu3",
"versionStartIncluding": "511.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:honeywell:c300_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "254FC5F7-6F70-4E38-95B8-E0042AB3321F",
"versionEndIncluding": "520.1tcu4",
"versionStartIncluding": "520.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:honeywell:c300_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F075CA91-AFC8-4463-9D02-BE45F98E4840",
"versionEndIncluding": "520.2tcu2",
"versionStartIncluding": "520.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:honeywell:c300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CEA14D67-E320-490E-92E6-CC135EBBA245",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Controller may be loaded with malicious firmware which could enable remote code execution.\u00a0See Honeywell Security Notification for recommendations on upgrading and versioning. \n\n"
}
],
"id": "CVE-2023-25178",
"lastModified": "2024-11-21T07:49:15.703",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "psirt@honeywell.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-13T11:15:09.123",
"references": [
{
"source": "psirt@honeywell.com",
"tags": [
"Product"
],
"url": "https://process.honeywell.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://process.honeywell.com"
}
],
"sourceIdentifier": "psirt@honeywell.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-345"
}
],
"source": "psirt@honeywell.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-345"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-13 12:15
Modified
2024-11-21 07:51
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Controller DoS due to buffer overflow in the handling of a specially crafted message received by the controller. See Honeywell Security Notification for recommendations on upgrading and versioning. See Honeywell Security Notification for recommendations on upgrading and versioning.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| honeywell | c300_firmware | * | |
| honeywell | c300_firmware | * | |
| honeywell | c300_firmware | * | |
| honeywell | c300_firmware | * | |
| honeywell | c300_firmware | * | |
| honeywell | c300 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:honeywell:c300_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C8B1523A-A717-4BE3-97B1-5634188EAAF9",
"versionEndIncluding": "501.6hf8",
"versionStartIncluding": "501.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:honeywell:c300_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F01D307E-1DD4-4B16-A1EF-81503E5C7CF1",
"versionEndIncluding": "510.2hf12",
"versionStartIncluding": "510.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:honeywell:c300_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1AAAF640-4704-4BEA-AB36-911B08227497",
"versionEndIncluding": "511.5tcu3",
"versionStartIncluding": "511.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:honeywell:c300_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "254FC5F7-6F70-4E38-95B8-E0042AB3321F",
"versionEndIncluding": "520.1tcu4",
"versionStartIncluding": "520.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:honeywell:c300_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F075CA91-AFC8-4463-9D02-BE45F98E4840",
"versionEndIncluding": "520.2tcu2",
"versionStartIncluding": "520.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:honeywell:c300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CEA14D67-E320-490E-92E6-CC135EBBA245",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Controller DoS due to buffer overflow in the handling of a specially crafted message received by the controller.\u00a0See Honeywell Security Notification for recommendations on upgrading and versioning.\u00a0See Honeywell Security Notification for recommendations on upgrading and versioning. \n\n"
}
],
"id": "CVE-2023-26597",
"lastModified": "2024-11-21T07:51:49.657",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "psirt@honeywell.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-13T12:15:09.253",
"references": [
{
"source": "psirt@honeywell.com",
"tags": [
"Product"
],
"url": "https://process.honeywell.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://process.honeywell.com"
}
],
"sourceIdentifier": "psirt@honeywell.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "psirt@honeywell.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-13 11:15
Modified
2024-11-21 07:47
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Controller DoS due to stack overflow when decoding a message from the server.
See Honeywell Security Notification for recommendations on upgrading and versioning.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| honeywell | c300_firmware | * | |
| honeywell | c300_firmware | * | |
| honeywell | c300_firmware | * | |
| honeywell | c300_firmware | * | |
| honeywell | c300_firmware | * | |
| honeywell | c300 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:honeywell:c300_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C8B1523A-A717-4BE3-97B1-5634188EAAF9",
"versionEndIncluding": "501.6hf8",
"versionStartIncluding": "501.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:honeywell:c300_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F01D307E-1DD4-4B16-A1EF-81503E5C7CF1",
"versionEndIncluding": "510.2hf12",
"versionStartIncluding": "510.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:honeywell:c300_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1AAAF640-4704-4BEA-AB36-911B08227497",
"versionEndIncluding": "511.5tcu3",
"versionStartIncluding": "511.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:honeywell:c300_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "254FC5F7-6F70-4E38-95B8-E0042AB3321F",
"versionEndIncluding": "520.1tcu4",
"versionStartIncluding": "520.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:honeywell:c300_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F075CA91-AFC8-4463-9D02-BE45F98E4840",
"versionEndIncluding": "520.2tcu2",
"versionStartIncluding": "520.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:honeywell:c300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CEA14D67-E320-490E-92E6-CC135EBBA245",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Controller DoS due to stack overflow when decoding a message from the server.\u00a0\n\nSee Honeywell Security Notification for recommendations on upgrading and versioning. \n\n"
}
],
"id": "CVE-2023-24480",
"lastModified": "2024-11-21T07:47:56.683",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "psirt@honeywell.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-13T11:15:08.997",
"references": [
{
"source": "psirt@honeywell.com",
"tags": [
"Product"
],
"url": "https://process.honeywell.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://process.honeywell.com"
}
],
"sourceIdentifier": "psirt@honeywell.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-116"
}
],
"source": "psirt@honeywell.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-13 11:15
Modified
2024-11-21 07:50
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Controller DoS may occur due to buffer overflow when an error is generated in response to a specially crafted message. See Honeywell Security Notification for recommendations on upgrading and versioning.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| honeywell | c300_firmware | * | |
| honeywell | c300_firmware | * | |
| honeywell | c300_firmware | * | |
| honeywell | c300_firmware | * | |
| honeywell | c300_firmware | * | |
| honeywell | c300 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:honeywell:c300_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C8B1523A-A717-4BE3-97B1-5634188EAAF9",
"versionEndIncluding": "501.6hf8",
"versionStartIncluding": "501.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:honeywell:c300_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F01D307E-1DD4-4B16-A1EF-81503E5C7CF1",
"versionEndIncluding": "510.2hf12",
"versionStartIncluding": "510.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:honeywell:c300_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1AAAF640-4704-4BEA-AB36-911B08227497",
"versionEndIncluding": "511.5tcu3",
"versionStartIncluding": "511.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:honeywell:c300_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "254FC5F7-6F70-4E38-95B8-E0042AB3321F",
"versionEndIncluding": "520.1tcu4",
"versionStartIncluding": "520.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:honeywell:c300_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F075CA91-AFC8-4463-9D02-BE45F98E4840",
"versionEndIncluding": "520.2tcu2",
"versionStartIncluding": "520.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:honeywell:c300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CEA14D67-E320-490E-92E6-CC135EBBA245",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Controller DoS may occur due to buffer overflow when an error is generated in response to a specially crafted message.\u00a0See Honeywell Security Notification for recommendations on upgrading and versioning. \n\n"
}
],
"id": "CVE-2023-25770",
"lastModified": "2024-11-21T07:50:10.037",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "psirt@honeywell.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-13T11:15:09.183",
"references": [
{
"source": "psirt@honeywell.com",
"tags": [
"Product"
],
"url": "https://process.honeywell.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://process.honeywell.com"
}
],
"sourceIdentifier": "psirt@honeywell.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "psirt@honeywell.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-10-28 02:15
Modified
2024-11-21 06:16
Severity ?
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to improper neutralization of special elements in output, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://www.cisa.gov/uscert/ics/advisories/icsa-21-278-04 | Mitigation, Third Party Advisory, US Government Resource | |
| ics-cert@hq.dhs.gov | https://www.honeywellprocess.com/library/support/notifications/Customer/SN2021-02-22-01-Experion-C300-CCL.pdf | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-21-278-04 | Mitigation, Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.honeywellprocess.com/library/support/notifications/Customer/SN2021-02-22-01-Experion-C300-CCL.pdf | Product |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| honeywell | c200_firmware | - | |
| honeywell | c200 | - | |
| honeywell | c200e_firmware | - | |
| honeywell | c200e | - | |
| honeywell | c300_firmware | - | |
| honeywell | c300 | - | |
| honeywell | application_control_environment_firmware | - | |
| honeywell | application_control_environment | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:honeywell:c200_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89205AE1-0EE7-4665-8FE6-5312EAD5FB2D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:honeywell:c200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3F154A3-2438-4420-8B6E-E0521376714E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:honeywell:c200e_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B06800D-443D-4237-8E91-98735E5EA148",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:honeywell:c200e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6ACB0AD6-5A19-4DEC-9F47-03EC6FA80AC0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:honeywell:c300_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7C79B7D1-630B-4723-BFCA-66F03F93D1FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:honeywell:c300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CEA14D67-E320-490E-92E6-CC135EBBA245",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:honeywell:application_control_environment_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "83F4F4B6-E05B-43B9-96ED-02919E42AFCC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:honeywell:application_control_environment:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7C79B55A-11AB-441E-A544-9678616E9BA4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to improper neutralization of special elements in output, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition."
},
{
"lang": "es",
"value": "Los controladores Honeywell Experion PKS C200, C200E, C300 y ACE son vulnerables a una neutralizaci\u00f3n inadecuada de elementos especiales en la salida, lo que puede permitir a un atacante ejecutar c\u00f3digo arbitrario de forma remota y provocar una condici\u00f3n de Denegaci\u00f3n de Servicio."
}
],
"id": "CVE-2021-38395",
"lastModified": "2024-11-21T06:16:59.503",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-10-28T02:15:16.857",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Mitigation",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-278-04"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Product"
],
"url": "https://www.honeywellprocess.com/library/support/notifications/Customer/SN2021-02-22-01-Experion-C300-CCL.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-278-04"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.honeywellprocess.com/library/support/notifications/Customer/SN2021-02-22-01-Experion-C300-CCL.pdf"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-74"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-74"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-10-28 02:15
Modified
2024-11-21 06:16
Severity ?
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Summary
Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to unrestricted file uploads, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://www.cisa.gov/uscert/ics/advisories/icsa-21-278-04 | Third Party Advisory, US Government Resource | |
| ics-cert@hq.dhs.gov | https://www.honeywellprocess.com/library/support/notifications/Customer/SN2021-02-22-01-Experion-C300-CCL.pdf | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-21-278-04 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.honeywellprocess.com/library/support/notifications/Customer/SN2021-02-22-01-Experion-C300-CCL.pdf | Product |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| honeywell | c200_firmware | - | |
| honeywell | c200 | - | |
| honeywell | c200e_firmware | - | |
| honeywell | c200e | - | |
| honeywell | c300_firmware | - | |
| honeywell | c300 | - | |
| honeywell | application_control_environment_firmware | - | |
| honeywell | application_control_environment | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:honeywell:c200_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89205AE1-0EE7-4665-8FE6-5312EAD5FB2D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:honeywell:c200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3F154A3-2438-4420-8B6E-E0521376714E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:honeywell:c200e_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B06800D-443D-4237-8E91-98735E5EA148",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:honeywell:c200e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6ACB0AD6-5A19-4DEC-9F47-03EC6FA80AC0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:honeywell:c300_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7C79B7D1-630B-4723-BFCA-66F03F93D1FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:honeywell:c300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CEA14D67-E320-490E-92E6-CC135EBBA245",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:honeywell:application_control_environment_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "83F4F4B6-E05B-43B9-96ED-02919E42AFCC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:honeywell:application_control_environment:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7C79B55A-11AB-441E-A544-9678616E9BA4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to unrestricted file uploads, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition."
},
{
"lang": "es",
"value": "Los controladores Honeywell Experion PKS C200, C200E, C300 y ACE son vulnerables a la carga de archivos sin restricciones, lo que puede permitir a un atacante ejecutar c\u00f3digo arbitrario de forma remota y provocar una condici\u00f3n de Denegaci\u00f3n de Servicio."
}
],
"id": "CVE-2021-38397",
"lastModified": "2024-11-21T06:16:59.800",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-10-28T02:15:16.953",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-278-04"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Product"
],
"url": "https://www.honeywellprocess.com/library/support/notifications/Customer/SN2021-02-22-01-Experion-C300-CCL.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-278-04"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.honeywellprocess.com/library/support/notifications/Customer/SN2021-02-22-01-Experion-C300-CCL.pdf"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}