Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for C300 by Honeywell

    CVE-2023-5407 (GCVE-0-2023-5407)

    Vulnerability from nvd – Published: 2024-04-17 16:49 – Updated: 2024-08-08 15:49
    VLAI
    Summary
    Controller denial of service due to improper handling of a specially crafted message received by the controller. See Honeywell Security Notification for recommendations on upgrading and versioning.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Honeywell C300 Affected: 520.2 , ≤ 520.2 TCU4 (semver)
    Affected: 510.1 , ≤ 510.2 HF13 (semver)
    Affected: 520.1 , ≤ 520.1 TCU4 (semver)
    Affected: 511.1 , ≤ 511.5 TCU4 HF3 (semver)
    Create a notification for this product.
    Honeywell C300 Affected: 520.2 , ≤ 520.2 TCU4 (semver)
    Affected: 511.1 , ≤ 511.5 TCU4 HF3 (semver)
    Affected: 520.1 , ≤ 520.1 TCU4 (semver)
    Create a notification for this product.
    Honeywell C300 Affected: 520.2 , ≤ 520.2 TCU4 (semver)
    Affected: 520.1 , ≤ 520.1 TCU4 (semver)
    Affected: 520.2 TCU4 HFR2 , ≤ 511.5 TCU4 HF3 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:59:44.482Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://process.honeywell.com"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5407",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-24T14:30:38.880683Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-08T15:49:07.567Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion PKS"
              ],
              "product": "C300",
              "vendor": "Honeywell",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "520.2 TCU4 HF1",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "520.2 TCU4",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                },
                {
                  "changes": [
                    {
                      "at": "510.2 HF14",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "510.2 HF13",
                  "status": "affected",
                  "version": "510.1",
                  "versionType": "semver"
                },
                {
                  "changes": [
                    {
                      "at": "520.1 TCU5",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "520.1 TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "changes": [
                    {
                      "at": "511.5 TCU4 HF4",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "511.5 TCU4 HF3",
                  "status": "affected",
                  "version": "511.1",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion LX"
              ],
              "product": "C300",
              "vendor": "Honeywell",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "520.2 TCU4 HF2",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "520.2 TCU4",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                },
                {
                  "changes": [
                    {
                      "at": "511.5 TCU4 HF4",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "511.5 TCU4 HF3",
                  "status": "affected",
                  "version": "511.1",
                  "versionType": "semver"
                },
                {
                  "changes": [
                    {
                      "at": "520.1 TCU5",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "520.1 TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "PlantCruise by Experion"
              ],
              "product": "C300",
              "vendor": "Honeywell",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "520.2 TCU4 HF2",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "520.2 TCU4",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                },
                {
                  "changes": [
                    {
                      "at": "520.1 TCU5",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "520.1 TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "changes": [
                    {
                      "at": "511.5 TCU4 HF4",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "511.5 TCU4 HF3",
                  "status": "affected",
                  "version": "520.2 TCU4 HFR2",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Controller denial of service due to improper handling of a specially crafted message received by the controller.\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSee Honeywell Security Notification for recommendations on upgrading and versioning.\u003c/span\u003e"
                }
              ],
              "value": "Controller denial of service due to improper handling of a specially crafted message received by the controller.\n\nSee Honeywell Security Notification for recommendations on upgrading and versioning."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-09T19:38:30.357Z",
            "orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
            "shortName": "Honeywell"
          },
          "references": [
            {
              "url": "https://process.honeywell.com"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
        "assignerShortName": "Honeywell",
        "cveId": "CVE-2023-5407",
        "datePublished": "2024-04-17T16:49:16.900Z",
        "dateReserved": "2023-10-04T17:50:55.299Z",
        "dateUpdated": "2024-08-08T15:49:07.567Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5392 (GCVE-0-2023-5392)

    Vulnerability from nvd – Published: 2024-04-11 19:19 – Updated: 2024-08-02 07:59
    VLAI
    Summary
    C300 information leak due to an analysis feature which allows extracting more memory over the network than required by the function. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Honeywell C300 Affected: 520.2 , ≤ 520.2 TCU4 (semver)
    Affected: 510.1 , ≤ 510.2 HF13 (semver)
    Affected: 520.1 , ≤ 520.1 TCU4 (semver)
    Affected: 511.1 , ≤ 511.5 TCU4 HF3 (semver)
    Create a notification for this product.
    Honeywell C300 Affected: 520.2 , ≤ 520.2 TCU4 (semver)
    Affected: 511.1 , ≤ 511.5 TCU4 HF3 (semver)
    Affected: 520.1 , ≤ 520.1 TCU4 (semver)
    Create a notification for this product.
    Honeywell C300 Affected: 520.2 , ≤ 520.2 TCU4 (semver)
    Affected: 520.1 , ≤ 520.1 TCU4 (semver)
    Affected: 520.2 TCU4 HFR2 , ≤ 511.5 TCU4 HF3 (semver)
    Create a notification for this product.
    honeywell c300 Affected: 510.1 , ≤ 510.2_hf13 (semver)
    Affected: 511.1 , ≤ 511.5_tcu4_hf3 (semver)
    Affected: 520.1 , ≤ 520.1_tcu4 (semver)
    Affected: 520.2 , ≤ 520.2_tcu4 (semver)
    Affected: 520.2_tcu4_hfr2 , ≤ 511.5_tcu4_hf3 (semver)
        cpe:2.3:h:honeywell:c300:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:honeywell:c300:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "c300",
                "vendor": "honeywell",
                "versions": [
                  {
                    "lessThanOrEqual": "510.2_hf13",
                    "status": "affected",
                    "version": "510.1",
                    "versionType": "semver"
                  },
                  {
                    "lessThanOrEqual": "511.5_tcu4_hf3",
                    "status": "affected",
                    "version": "511.1",
                    "versionType": "semver"
                  },
                  {
                    "lessThanOrEqual": "520.1_tcu4",
                    "status": "affected",
                    "version": "520.1",
                    "versionType": "semver"
                  },
                  {
                    "lessThanOrEqual": "520.2_tcu4",
                    "status": "affected",
                    "version": "520.2",
                    "versionType": "semver"
                  },
                  {
                    "lessThanOrEqual": "511.5_tcu4_hf3",
                    "status": "affected",
                    "version": "520.2_tcu4_hfr2",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5392",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-08T18:49:08.032838Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-08T20:14:06.723Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:59:44.280Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://process.honeywell.com"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion PKS"
              ],
              "product": "C300",
              "vendor": "Honeywell",
              "versions": [
                {
                  "lessThanOrEqual": "520.2 TCU4",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "510.2 HF13",
                  "status": "affected",
                  "version": "510.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.1 TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "511.5 TCU4 HF3",
                  "status": "affected",
                  "version": "511.1",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion LX"
              ],
              "product": "C300",
              "vendor": "Honeywell",
              "versions": [
                {
                  "lessThanOrEqual": "520.2 TCU4",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "511.5 TCU4 HF3",
                  "status": "affected",
                  "version": "511.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.1 TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "PlantCruise by Experion"
              ],
              "product": "C300",
              "vendor": "Honeywell",
              "versions": [
                {
                  "lessThanOrEqual": "520.2 TCU4",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.1 TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "511.5 TCU4 HF3",
                  "status": "affected",
                  "version": "520.2 TCU4 HFR2",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "C300 information leak due to an analysis feature which allows extracting more memory over the network than required by the function.\u0026nbsp;Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning. \n\n"
                }
              ],
              "value": "C300 information leak due to an analysis feature which allows extracting more memory over the network than required by the function.\u00a0Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning. \n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-121",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-121"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1295",
                  "description": "CWE-1295",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-25T16:53:35.336Z",
            "orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
            "shortName": "Honeywell"
          },
          "references": [
            {
              "url": "https://process.honeywell.com"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
        "assignerShortName": "Honeywell",
        "cveId": "CVE-2023-5392",
        "datePublished": "2024-04-11T19:19:19.070Z",
        "dateReserved": "2023-10-04T17:50:45.390Z",
        "dateUpdated": "2024-08-02T07:59:44.280Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5407 (GCVE-0-2023-5407)

    Vulnerability from cvelistv5 – Published: 2024-04-17 16:49 – Updated: 2024-08-08 15:49
    VLAI
    Summary
    Controller denial of service due to improper handling of a specially crafted message received by the controller. See Honeywell Security Notification for recommendations on upgrading and versioning.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Honeywell C300 Affected: 520.2 , ≤ 520.2 TCU4 (semver)
    Affected: 510.1 , ≤ 510.2 HF13 (semver)
    Affected: 520.1 , ≤ 520.1 TCU4 (semver)
    Affected: 511.1 , ≤ 511.5 TCU4 HF3 (semver)
    Create a notification for this product.
    Honeywell C300 Affected: 520.2 , ≤ 520.2 TCU4 (semver)
    Affected: 511.1 , ≤ 511.5 TCU4 HF3 (semver)
    Affected: 520.1 , ≤ 520.1 TCU4 (semver)
    Create a notification for this product.
    Honeywell C300 Affected: 520.2 , ≤ 520.2 TCU4 (semver)
    Affected: 520.1 , ≤ 520.1 TCU4 (semver)
    Affected: 520.2 TCU4 HFR2 , ≤ 511.5 TCU4 HF3 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:59:44.482Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://process.honeywell.com"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5407",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-24T14:30:38.880683Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-08T15:49:07.567Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion PKS"
              ],
              "product": "C300",
              "vendor": "Honeywell",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "520.2 TCU4 HF1",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "520.2 TCU4",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                },
                {
                  "changes": [
                    {
                      "at": "510.2 HF14",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "510.2 HF13",
                  "status": "affected",
                  "version": "510.1",
                  "versionType": "semver"
                },
                {
                  "changes": [
                    {
                      "at": "520.1 TCU5",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "520.1 TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "changes": [
                    {
                      "at": "511.5 TCU4 HF4",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "511.5 TCU4 HF3",
                  "status": "affected",
                  "version": "511.1",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion LX"
              ],
              "product": "C300",
              "vendor": "Honeywell",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "520.2 TCU4 HF2",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "520.2 TCU4",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                },
                {
                  "changes": [
                    {
                      "at": "511.5 TCU4 HF4",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "511.5 TCU4 HF3",
                  "status": "affected",
                  "version": "511.1",
                  "versionType": "semver"
                },
                {
                  "changes": [
                    {
                      "at": "520.1 TCU5",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "520.1 TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "PlantCruise by Experion"
              ],
              "product": "C300",
              "vendor": "Honeywell",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "520.2 TCU4 HF2",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "520.2 TCU4",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                },
                {
                  "changes": [
                    {
                      "at": "520.1 TCU5",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "520.1 TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "changes": [
                    {
                      "at": "511.5 TCU4 HF4",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "511.5 TCU4 HF3",
                  "status": "affected",
                  "version": "520.2 TCU4 HFR2",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Controller denial of service due to improper handling of a specially crafted message received by the controller.\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSee Honeywell Security Notification for recommendations on upgrading and versioning.\u003c/span\u003e"
                }
              ],
              "value": "Controller denial of service due to improper handling of a specially crafted message received by the controller.\n\nSee Honeywell Security Notification for recommendations on upgrading and versioning."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-09T19:38:30.357Z",
            "orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
            "shortName": "Honeywell"
          },
          "references": [
            {
              "url": "https://process.honeywell.com"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
        "assignerShortName": "Honeywell",
        "cveId": "CVE-2023-5407",
        "datePublished": "2024-04-17T16:49:16.900Z",
        "dateReserved": "2023-10-04T17:50:55.299Z",
        "dateUpdated": "2024-08-08T15:49:07.567Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5392 (GCVE-0-2023-5392)

    Vulnerability from cvelistv5 – Published: 2024-04-11 19:19 – Updated: 2024-08-02 07:59
    VLAI
    Summary
    C300 information leak due to an analysis feature which allows extracting more memory over the network than required by the function. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Honeywell C300 Affected: 520.2 , ≤ 520.2 TCU4 (semver)
    Affected: 510.1 , ≤ 510.2 HF13 (semver)
    Affected: 520.1 , ≤ 520.1 TCU4 (semver)
    Affected: 511.1 , ≤ 511.5 TCU4 HF3 (semver)
    Create a notification for this product.
    Honeywell C300 Affected: 520.2 , ≤ 520.2 TCU4 (semver)
    Affected: 511.1 , ≤ 511.5 TCU4 HF3 (semver)
    Affected: 520.1 , ≤ 520.1 TCU4 (semver)
    Create a notification for this product.
    Honeywell C300 Affected: 520.2 , ≤ 520.2 TCU4 (semver)
    Affected: 520.1 , ≤ 520.1 TCU4 (semver)
    Affected: 520.2 TCU4 HFR2 , ≤ 511.5 TCU4 HF3 (semver)
    Create a notification for this product.
    honeywell c300 Affected: 510.1 , ≤ 510.2_hf13 (semver)
    Affected: 511.1 , ≤ 511.5_tcu4_hf3 (semver)
    Affected: 520.1 , ≤ 520.1_tcu4 (semver)
    Affected: 520.2 , ≤ 520.2_tcu4 (semver)
    Affected: 520.2_tcu4_hfr2 , ≤ 511.5_tcu4_hf3 (semver)
        cpe:2.3:h:honeywell:c300:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:honeywell:c300:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "c300",
                "vendor": "honeywell",
                "versions": [
                  {
                    "lessThanOrEqual": "510.2_hf13",
                    "status": "affected",
                    "version": "510.1",
                    "versionType": "semver"
                  },
                  {
                    "lessThanOrEqual": "511.5_tcu4_hf3",
                    "status": "affected",
                    "version": "511.1",
                    "versionType": "semver"
                  },
                  {
                    "lessThanOrEqual": "520.1_tcu4",
                    "status": "affected",
                    "version": "520.1",
                    "versionType": "semver"
                  },
                  {
                    "lessThanOrEqual": "520.2_tcu4",
                    "status": "affected",
                    "version": "520.2",
                    "versionType": "semver"
                  },
                  {
                    "lessThanOrEqual": "511.5_tcu4_hf3",
                    "status": "affected",
                    "version": "520.2_tcu4_hfr2",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5392",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-08T18:49:08.032838Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-08T20:14:06.723Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:59:44.280Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://process.honeywell.com"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion PKS"
              ],
              "product": "C300",
              "vendor": "Honeywell",
              "versions": [
                {
                  "lessThanOrEqual": "520.2 TCU4",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "510.2 HF13",
                  "status": "affected",
                  "version": "510.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.1 TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "511.5 TCU4 HF3",
                  "status": "affected",
                  "version": "511.1",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion LX"
              ],
              "product": "C300",
              "vendor": "Honeywell",
              "versions": [
                {
                  "lessThanOrEqual": "520.2 TCU4",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "511.5 TCU4 HF3",
                  "status": "affected",
                  "version": "511.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.1 TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "PlantCruise by Experion"
              ],
              "product": "C300",
              "vendor": "Honeywell",
              "versions": [
                {
                  "lessThanOrEqual": "520.2 TCU4",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.1 TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "511.5 TCU4 HF3",
                  "status": "affected",
                  "version": "520.2 TCU4 HFR2",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "C300 information leak due to an analysis feature which allows extracting more memory over the network than required by the function.\u0026nbsp;Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning. \n\n"
                }
              ],
              "value": "C300 information leak due to an analysis feature which allows extracting more memory over the network than required by the function.\u00a0Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning. \n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-121",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-121"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1295",
                  "description": "CWE-1295",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-25T16:53:35.336Z",
            "orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
            "shortName": "Honeywell"
          },
          "references": [
            {
              "url": "https://process.honeywell.com"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
        "assignerShortName": "Honeywell",
        "cveId": "CVE-2023-5392",
        "datePublished": "2024-04-11T19:19:19.070Z",
        "dateReserved": "2023-10-04T17:50:45.390Z",
        "dateUpdated": "2024-08-02T07:59:44.280Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }