    35 vulnerabilities found for Experion Server by Honeywell

    VAR-202404-1533

    Vulnerability from variot - Updated: 2024-08-14 13:19

    Controller denial of service due to improper handling of a specially crafted message received by the controller.

    See Honeywell Security Notification for recommendations on upgrading and versioning. Honeywell Experion Server is a high-performance industrial control system server from Honeywell, USA, mainly used in the Experion Process Knowledge System (PKS) platform.

    Honeywell Experion Server has a denial-of-service vulnerability. Attackers can exploit this vulnerability to cause a denial of service on the controller.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202404-1533",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "experion server",
            "scope": null,
            "trust": 0.6,
            "vendor": "honeywell",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-24960"
          }
        ]
      },
      "cve": "CVE-2023-5407",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "HIGH",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 5.4,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 4.9,
                "id": "CNVD-2024-24960",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "psirt@honeywell.com",
                "availabilityImpact": "HIGH",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.2,
                "id": "CVE-2023-5407",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "psirt@honeywell.com",
                "id": "CVE-2023-5407",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2024-24960",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-24960"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-5407"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Controller denial of service due to improper handling of a specially crafted message received by the controller. \n\nSee Honeywell Security Notification for recommendations on upgrading and versioning. Honeywell Experion Server is a high-performance industrial control system server from Honeywell, USA, mainly used in the Experion Process Knowledge System (PKS) platform. \n\nHoneywell Experion Server has a denial of service vulnerability. Attackers can exploit this vulnerability to cause the controller to deny service",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-5407"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-24960"
          }
        ],
        "trust": 1.44
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-5407",
            "trust": 1.6
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-24960",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-24960"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-5407"
          }
        ]
      },
      "id": "VAR-202404-1533",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-24960"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-24960"
          }
        ]
      },
      "last_update_date": "2024-08-14T13:19:18.070000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for Honeywell Experion Server Denial of Service Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/548956"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-24960"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-5407"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.0,
            "url": "https://process.honeywell.com"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-5407"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-24960"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-5407"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-24960"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-5407"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2024-05-30T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2024-24960"
          },
          {
            "date": "2024-04-17T17:15:14.650000",
            "db": "NVD",
            "id": "CVE-2023-5407"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2024-05-30T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2024-24960"
          },
          {
            "date": "2024-07-09T20:15:09.140000",
            "db": "NVD",
            "id": "CVE-2023-5407"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Honeywell Experion Server Denial of Service Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-24960"
          }
        ],
        "trust": 0.6
      }
    }

    CVE-2023-5406 (GCVE-0-2023-5406)

    Vulnerability from nvd – Published: 2024-04-17 16:47 – Updated: 2024-08-02 07:59
    Summary
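    Server communication with a controller can lead to remote code execution using a specially crafted message from the controller. See Honeywell Security Notification for recommendations on upgrading and versioning. Note: the CNA's CVSS 3.1 vector in the record below (C:N/I:N/A:H, base score 5.9) rates only availability impact, which does not reflect the code-execution outcome described here, so the score may understate the risk when prioritising.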
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Impacted products
    Vendor Product Version
    Honeywell Experion Server Affected: 520.2 , ≤ 520.2 TCU4 (semver)
    Affected: 510.1 , ≤ 510.2 HF13 (semver)
    Affected: 520.1 , ≤ 520.1 TCU4 (semver)
    Affected: 511.1 , ≤ 511.5 TCU4 HF3 (semver)
    Honeywell Experion Server Affected: 520.2 , ≤ 520.2 TCU4 (semver)
    Affected: 511.1 , ≤ 511.5 TCU4 HF3 (semver)
    Affected: 520.1 , ≤ 520.1 TCU4 (semver)
    Honeywell Experion Server Affected: 520.2 , ≤ 520.2 TCU4 (semver)
    Affected: 520.1 , ≤ 520.1 TCU4 (semver)
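    Affected: 520.2 TCU4 HFR2 , ≤ 511.5 TCU4 HF3 (semver) — range as published; the start version is higher than the upper bound, which looks like a data-entry error in the CNA record, so confirm this product's affected range against the Honeywell Security Notification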

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5406",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-31T14:00:17.610687Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-31T14:00:27.382Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:59:44.668Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://process.honeywell.com"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion PKS"
              ],
              "product": "Experion Server",
              "vendor": "Honeywell",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "520.2 TCU4 HF1",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "520.2 TCU4",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                },
                {
                  "changes": [
                    {
                      "at": "510.2 HF14",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "510.2 HF13",
                  "status": "affected",
                  "version": "510.1",
                  "versionType": "semver"
                },
                {
                  "changes": [
                    {
                      "at": "520.1 TCU5",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "520.1 TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "changes": [
                    {
                      "at": "511.5 TCU4 HF4",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "511.5 TCU4 HF3",
                  "status": "affected",
                  "version": "511.1",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion LX"
              ],
              "product": "Experion Server",
              "vendor": "Honeywell",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "520.2 TCU4 HF2",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "520.2 TCU4",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                },
                {
                  "changes": [
                    {
                      "at": "511.5 TCU4 HF4",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "511.5 TCU4 HF3",
                  "status": "affected",
                  "version": "511.1",
                  "versionType": "semver"
                },
                {
                  "changes": [
                    {
                      "at": "520.1 TCU5",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "520.1 TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "PlantCruise by Experion"
              ],
              "product": "Experion Server",
              "vendor": "Honeywell",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "520.2 TCU4 HF2",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "520.2 TCU4",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                },
                {
                  "changes": [
                    {
                      "at": "520.1 TCU5",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "520.1 TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "changes": [
                    {
                      "at": "511.5 TCU4 HF4",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "511.5 TCU4 HF3",
                  "status": "affected",
                  "version": "520.2 TCU4 HFR2",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Server communication with a controller can lead to remote code execution using a specially crafted message from the controller.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSee Honeywell Security Notification for recommendations on upgrading and versioning.\u003c/span\u003e"
                }
              ],
              "value": "Server communication with a controller can lead to remote code execution using a specially crafted message from the controller.\u00a0See Honeywell Security Notification for recommendations on upgrading and versioning."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-09T19:39:39.707Z",
            "orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
            "shortName": "Honeywell"
          },
          "references": [
            {
              "url": "https://process.honeywell.com"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
        "assignerShortName": "Honeywell",
        "cveId": "CVE-2023-5406",
        "datePublished": "2024-04-17T16:47:50.336Z",
        "dateReserved": "2023-10-04T17:50:54.642Z",
        "dateUpdated": "2024-08-02T07:59:44.668Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5405 (GCVE-0-2023-5405)

    Vulnerability from nvd – Published: 2024-04-17 16:46 – Updated: 2025-02-06 16:54
    Summary
    Server information leak for the CDA Server process memory can occur when an error is generated in response to a specially crafted message. See Honeywell Security Notification for recommendations on upgrading and versioning.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Impacted products
    Vendor Product Version
    Honeywell Experion Server Affected: 520.2 , ≤ 520.2 TCU4 (semver)
    Affected: 510.1 , ≤ 510.2 HF13 (semver)
    Affected: 520.1 , ≤ 520.1 TCU4 (semver)
    Affected: 511.1 , ≤ 511.5 TCU4 HF3 (semver)
    Honeywell Experion Server Affected: 520.2 , ≤ 520.2 TCU4 (semver)
    Affected: 511.1 , ≤ 511.5 TCU4 HF3 (semver)
    Affected: 520.1 , ≤ 520.1 TCU4 (semver)
    Honeywell Experion Server Affected: 520.2 , ≤ 520.2 TCU4 (semver)
    Affected: 520.1 , ≤ 520.1 TCU4 (semver)
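    Affected: 520.2 TCU4 HFR2 , ≤ 511.5 TCU4 HF3 (semver) — range as published; the start version is higher than the upper bound, which looks like a data-entry error in the CNA record, so confirm this product's affected range against the Honeywell Security Notification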
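    honeywell experion_server Unaffected: 510.1 (CISA-ADP entry; the Honeywell CNA data above lists 510.1 as the start of an affected range up to 510.2 HF13, so do not read this line as clearing 510.x builds)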
        cpe:2.3:a:honeywell:experion_server:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:honeywell:experion_server:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "experion_server",
                "vendor": "honeywell",
                "versions": [
                  {
                    "status": "unaffected",
                    "version": "510.1"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.9,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5405",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-23T19:50:22.844378Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-787",
                    "description": "CWE-787",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-06T16:54:27.235Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:59:44.586Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://process.honeywell.com"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion PKS"
              ],
              "product": "Experion Server",
              "vendor": "Honeywell",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "520.2 TCU4 HF1",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "520.2 TCU4",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                },
                {
                  "changes": [
                    {
                      "at": "510.2 HF14",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "510.2 HF13",
                  "status": "affected",
                  "version": "510.1",
                  "versionType": "semver"
                },
                {
                  "changes": [
                    {
                      "at": "520.1 TCU5",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "520.1 TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "changes": [
                    {
                      "at": "511.5 TCU4 HF4",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "511.5 TCU4 HF3",
                  "status": "affected",
                  "version": "511.1",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion LX"
              ],
              "product": "Experion Server",
              "vendor": "Honeywell",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "520.2 TCU4 HF2",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "520.2 TCU4",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                },
                {
                  "changes": [
                    {
                      "at": "511.5 TCU4 HF4",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "511.5 TCU4 HF3",
                  "status": "affected",
                  "version": "511.1",
                  "versionType": "semver"
                },
                {
                  "changes": [
                    {
                      "at": "520.1 TCU5",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "520.1 TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "PlantCruise by Experion"
              ],
              "product": "Experion Server",
              "vendor": "Honeywell",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "520.2 TCU4 HF2",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "520.2 TCU4",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                },
                {
                  "changes": [
                    {
                      "at": "520.1 TCU5",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "520.1 TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "changes": [
                    {
                      "at": "511.5 TCU4 HF4",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "511.5 TCU4 HF3",
                  "status": "affected",
                  "version": "520.2 TCU4 HFR2",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Server information leak for the CDA Server process memory can occur when an error is generated in response to a specially crafted message.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSee Honeywell Security Notification for recommendations on upgrading and versioning.\u003c/span\u003e"
                }
              ],
              "value": "Server information leak for the CDA Server process memory can occur when an error is generated in response to a specially crafted message.\u00a0See Honeywell Security Notification for recommendations on upgrading and versioning."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-09T19:53:16.536Z",
            "orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
            "shortName": "Honeywell"
          },
          "references": [
            {
              "url": "https://process.honeywell.com"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
        "assignerShortName": "Honeywell",
        "cveId": "CVE-2023-5405",
        "datePublished": "2024-04-17T16:46:29.950Z",
        "dateReserved": "2023-10-04T17:50:54.177Z",
        "dateUpdated": "2025-02-06T16:54:27.235Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5404 (GCVE-0-2023-5404)

    Vulnerability from nvd – Published: 2024-04-17 16:44 – Updated: 2024-08-02 07:59
    VLAI
    Summary
    Server receiving a malformed message can cause a pointer to be overwritten which can result in a remote code execution or failure. See Honeywell Security Notification for recommendations on upgrading and versioning.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE: CWE-122 (Heap-based Buffer Overflow), as listed under problemTypes in the CNA record below
    Assigner
    References
    Impacted products
    Vendor Product Version
    Honeywell Experion Server Affected: 520.2 , ≤ 520.2 TCU4 (semver)
    Affected: 510.1 , ≤ 510.2 HF13 (semver)
    Affected: 520.1 , ≤ 520.1 TCU4 (semver)
    Affected: 511.1 , ≤ 511.5 TCU4 HF3 (semver)
    Honeywell Experion Server Affected: 520.2 , ≤ 520.2 TCU4 (semver)
    Affected: 511.1 , ≤ 511.5 TCU4 HF3 (semver)
    Affected: 520.1 , ≤ 520.1 TCU4 (semver)
    Honeywell Experion Server Affected: 520.2 , ≤ 520.2 TCU4 (semver)
    Affected: 520.1 , ≤ 520.1 TCU4 (semver)
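    Affected: 520.2 TCU4 HFR2 , ≤ 511.5 TCU4 HF3 (semver) — range as published in the CNA record for the "PlantCruise by Experion" platform; its lower bound (520.2 …) is numerically above its upper bound (511.5 …), so confirm the affected builds against the Honeywell Security Notification rather than matching on this range.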
    honeywell experion_server Affected: 520.2, 510.1, 520.1, 511.1, 520.2, 511.1
        cpe:2.3:a:honeywell:experion_server:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:honeywell:experion_server:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "experion_server",
                "vendor": "honeywell",
                "versions": [
                  {
                    "status": "affected",
                    "version": "520.2, 510.1, 520.1, 511.1, 520.2, 511.1"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5404",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-09T18:36:32.635602Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:28:37.686Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:59:44.850Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://process.honeywell.com"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion PKS"
              ],
              "product": "Experion Server",
              "vendor": "Honeywell",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "520.2 TCU4 HF1",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "520.2 TCU4",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                },
                {
                  "changes": [
                    {
                      "at": "510.2 HF14",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "510.2 HF13",
                  "status": "affected",
                  "version": "510.1",
                  "versionType": "semver"
                },
                {
                  "changes": [
                    {
                      "at": "520.1 TCU5",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "520.1 TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "changes": [
                    {
                      "at": "511.5 TCU4 HF4",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "511.5 TCU4 HF3",
                  "status": "affected",
                  "version": "511.1",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion LX"
              ],
              "product": "Experion Server",
              "vendor": "Honeywell",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "520.2 TCU4 HF2",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "520.2 TCU4",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                },
                {
                  "changes": [
                    {
                      "at": "511.5 TCU4 HF4",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "511.5 TCU4 HF3",
                  "status": "affected",
                  "version": "511.1",
                  "versionType": "semver"
                },
                {
                  "changes": [
                    {
                      "at": "520.1 TCU5",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "520.1 TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "PlantCruise by Experion"
              ],
              "product": "Experion Server",
              "vendor": "Honeywell",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "520.2 TCU4 HF2",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "520.2 TCU4",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                },
                {
                  "changes": [
                    {
                      "at": "520.1 TCU5",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "520.1 TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "changes": [
                    {
                      "at": "511.5 TCU4 HF4",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "511.5 TCU4 HF3",
                  "status": "affected",
                  "version": "520.2 TCU4 HFR2",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Server receiving a malformed message can cause a pointer to be overwritten which can result in a remote code execution or failure.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSee Honeywell Security Notification for recommendations on upgrading and versioning.\u003c/span\u003e"
                }
              ],
              "value": "Server receiving a malformed message can cause a pointer to be overwritten which can result in a remote code execution or failure.\u00a0See Honeywell Security Notification for recommendations on upgrading and versioning."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-09T19:55:07.106Z",
            "orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
            "shortName": "Honeywell"
          },
          "references": [
            {
              "url": "https://process.honeywell.com"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
        "assignerShortName": "Honeywell",
        "cveId": "CVE-2023-5404",
        "datePublished": "2024-04-17T16:44:37.703Z",
        "dateReserved": "2023-10-04T17:50:53.624Z",
        "dateUpdated": "2024-08-02T07:59:44.850Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5403 (GCVE-0-2023-5403)

    Vulnerability from nvd – Published: 2024-04-17 16:43 – Updated: 2024-08-29 19:38
    VLAI
    Summary
    Manipulation of the server's hostname-to-IP-address translation could lead to an attacker performing remote code execution or causing a failure. See Honeywell Security Notification for recommendations on upgrading and versioning.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE: CWE-121 (Stack-based Buffer Overflow), as listed under problemTypes in the CNA record below
    Assigner
    References
    Impacted products
    Vendor Product Version
    Honeywell Experion Server Affected: 520.2 , ≤ 520.2 TCU4 (semver)
    Affected: 510.1 , ≤ 510.2 HF13 (semver)
    Affected: 520.1 , ≤ 520.1 TCU4 (semver)
    Affected: 511.1 , ≤ 511.5 TCU4 HF3 (semver)
    Honeywell Experion Server Affected: 520.2 , ≤ 520.2 TCU4 (semver)
    Affected: 511.1 , ≤ 511.5 TCU4 HF3 (semver)
    Affected: 520.1 , ≤ 520.1 TCU4 (semver)
    Honeywell Experion Server Affected: 520.2 , ≤ 520.2 TCU4 (semver)
    Affected: 520.1 , ≤ 520.1 TCU4 (semver)
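    Affected: 520.2 TCU4 HFR2 , ≤ 511.5 TCU4 HF3 (semver) — range as published in the CNA record for the "PlantCruise by Experion" platform; its lower bound (520.2 …) is numerically above its upper bound (511.5 …), so confirm the affected builds against the Honeywell Security Notification rather than matching on this range.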
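    honeywell experion_server Affected: 511.5tcu4hf3 , ≤ 20.2tcu4hfr2 (semver) — range as published in the CISA-ADP container; the upper bound "20.2tcu4hfr2" matches no other version string in this record and the range looks malformed, so check it against the vendor's ranges and the Honeywell Security Notification before using it for asset matching.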
    Affected: 510.1 , ≤ 510.2_hf13 (semver)
    Affected: 520.1 , ≤ 520.1_tcu4 (semver)
    Affected: 511.1 , ≤ 511.5_tcu4_hf3 (semver)
    Affected: 520.2 , ≤ 520.2_tcu4 (semver)
        cpe:2.3:a:honeywell:experion_server:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:59:44.423Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://process.honeywell.com"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:honeywell:experion_server:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "experion_server",
                "vendor": "honeywell",
                "versions": [
                  {
                    "lessThanOrEqual": "20.2tcu4hfr2",
                    "status": "affected",
                    "version": "511.5tcu4hf3",
                    "versionType": "semver"
                  },
                  {
                    "lessThanOrEqual": "510.2_hf13",
                    "status": "affected",
                    "version": "510.1",
                    "versionType": "semver"
                  },
                  {
                    "lessThanOrEqual": "520.1_tcu4",
                    "status": "affected",
                    "version": "520.1",
                    "versionType": "semver"
                  },
                  {
                    "lessThanOrEqual": "511.5_tcu4_hf3",
                    "status": "affected",
                    "version": "511.1",
                    "versionType": "semver"
                  },
                  {
                    "lessThanOrEqual": "520.2_tcu4",
                    "status": "affected",
                    "version": "520.2",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5403",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-07T13:43:42.943158Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-29T19:38:53.821Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion PKS"
              ],
              "product": "Experion Server",
              "vendor": "Honeywell",
              "versions": [
                {
                  "lessThanOrEqual": "520.2 TCU4",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "510.2 HF13",
                  "status": "affected",
                  "version": "510.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.1 TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "511.5 TCU4 HF3",
                  "status": "affected",
                  "version": "511.1",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion LX"
              ],
              "product": "Experion Server",
              "vendor": "Honeywell",
              "versions": [
                {
                  "lessThanOrEqual": "520.2 TCU4",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "511.5 TCU4 HF3",
                  "status": "affected",
                  "version": "511.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.1 TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "PlantCruise by Experion"
              ],
              "product": "Experion Server",
              "vendor": "Honeywell",
              "versions": [
                {
                  "lessThanOrEqual": "520.2 TCU4",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.1 TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "511.5 TCU4 HF3",
                  "status": "affected",
                  "version": "520.2 TCU4 HFR2",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Server hostname translation to IP address manipulation which could lead to an attacker performing remote code execution or causing a failure.\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSee Honeywell Security Notification for recommendations on upgrading and versioning.\u003c/span\u003e\n\n"
                }
              ],
              "value": "Server hostname translation to IP address manipulation which could lead to an attacker performing remote code execution or causing a failure.\n\nSee Honeywell Security Notification for recommendations on upgrading and versioning.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-25T17:00:27.977Z",
            "orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
            "shortName": "Honeywell"
          },
          "references": [
            {
              "url": "https://process.honeywell.com"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
        "assignerShortName": "Honeywell",
        "cveId": "CVE-2023-5403",
        "datePublished": "2024-04-17T16:43:54.036Z",
        "dateReserved": "2023-10-04T17:50:52.659Z",
        "dateUpdated": "2024-08-29T19:38:53.821Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5401 (GCVE-0-2023-5401)

    Vulnerability from nvd – Published: 2024-04-17 16:42 – Updated: 2024-08-02 07:59
    VLAI
    Summary
    A server that receives a malformed message based on the specified key values can suffer a stack overflow, which could lead to an attacker performing remote code execution or causing a failure. See Honeywell Security Notification for recommendations on upgrading and versioning.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Honeywell Experion Server Affected: 520.2 , ≤ 520.2 TCU4 (semver)
    Affected: 510.1 , ≤ 510.2 HF13 (semver)
    Affected: 520.1 , ≤ 520.1 TCU4 (semver)
    Affected: 511.1 , ≤ 511.5 TCU4 HF3 (semver)
    Honeywell Experion Server Affected: 520.2 , ≤ 520.2 TCU4 (semver)
    Affected: 511.1 , ≤ 511.5 TCU4 HF3 (semver)
    Affected: 520.1 , ≤ 520.1 TCU4 (semver)
    Honeywell Experion Server Affected: 520.2 , ≤ 520.2 TCU4 (semver)
    Affected: 520.1 , ≤ 520.1 TCU4 (semver)
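    Affected: 520.2 TCU4 HFR2 , ≤ 511.5 TCU4 HF3 (semver) — range as published; its lower bound (520.2 …) is numerically above its upper bound (511.5 …), so confirm the affected builds against the Honeywell Security Notification rather than matching on this range.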
    honeywell experion_server Affected: 520.2 , ≤ 520.2 TCU4 (semver)
    Affected: 510.1 , ≤ 510.2 HF13 (semver)
    Affected: 520.1 , ≤ 520.1 TCU4 (semver)
    Affected: 511.1 , ≤ 511.5 TCU4 HF3 (semver)
    Affected: 520.2 TCU4 HFR2 , ≤ 511.5 TCU4 HF3 (semver)
        cpe:2.3:a:honeywell:experion_server:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:honeywell:experion_server:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "experion_server",
                "vendor": "honeywell",
                "versions": [
                  {
                    "lessThanOrEqual": "520.2 TCU4",
                    "status": "affected",
                    "version": "520.2",
                    "versionType": "semver"
                  },
                  {
                    "lessThanOrEqual": "510.2 HF13",
                    "status": "affected",
                    "version": "510.1",
                    "versionType": "semver"
                  },
                  {
                    "lessThanOrEqual": "520.1 TCU4",
                    "status": "affected",
                    "version": "520.1",
                    "versionType": "semver"
                  },
                  {
                    "lessThanOrEqual": "511.5 TCU4 HF3",
                    "status": "affected",
                    "version": "511.1",
                    "versionType": "semver"
                  },
                  {
                    "lessThanOrEqual": "511.5 TCU4 HF3",
                    "status": "affected",
                    "version": "520.2 TCU4 HFR2",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5401",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-31T14:00:59.742038Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-31T15:07:20.656Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:59:44.782Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://process.honeywell.com"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion PKS"
              ],
              "product": "Experion Server",
              "vendor": "Honeywell",
              "versions": [
                {
                  "lessThanOrEqual": "520.2 TCU4",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "510.2 HF13",
                  "status": "affected",
                  "version": "510.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.1 TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "511.5 TCU4 HF3",
                  "status": "affected",
                  "version": "511.1",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion LX"
              ],
              "product": "Experion Server",
              "vendor": "Honeywell",
              "versions": [
                {
                  "lessThanOrEqual": "520.2 TCU4",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "511.5 TCU4 HF3",
                  "status": "affected",
                  "version": "511.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.1 TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "PlantCruise by Experion"
              ],
              "product": "Experion Server",
              "vendor": "Honeywell",
              "versions": [
                {
                  "lessThanOrEqual": "520.2 TCU4",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.1 TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "511.5 TCU4 HF3",
                  "status": "affected",
                  "version": "520.2 TCU4 HFR2",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Server receiving a malformed message based on a using the specified key values can cause a stack overflow vulnerability which could lead to an attacker performing remote code execution or causing a failure.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSee Honeywell Security Notification for recommendations on upgrading and versioning.\u003c/span\u003e\n\n"
                }
              ],
              "value": "Server receiving a malformed message based on a using the specified key values can cause a stack overflow vulnerability which could lead to an attacker performing remote code execution or causing a failure.\u00a0See Honeywell Security Notification for recommendations on upgrading and versioning.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-47",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-47"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-25T16:59:37.083Z",
            "orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
            "shortName": "Honeywell"
          },
          "references": [
            {
              "url": "https://process.honeywell.com"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
        "assignerShortName": "Honeywell",
        "cveId": "CVE-2023-5401",
        "datePublished": "2024-04-17T16:42:00.403Z",
        "dateReserved": "2023-10-04T17:50:52.064Z",
        "dateUpdated": "2024-08-02T07:59:44.782Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5400 (GCVE-0-2023-5400)

    Vulnerability from nvd – Published: 2024-04-17 16:41 – Updated: 2024-08-02 07:59
    VLAI
    Summary
    A server that receives a malformed message that uses the specified key values can trigger a heap overflow, which could allow an attacker to perform remote code execution or cause a failure. See the Honeywell Security Notification for recommendations on upgrading and versioning.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Honeywell Experion Server Affected: 520.2 , ≤ 520.2 TCU4 (semver)
    Affected: 510.1 , ≤ 510.2 HF13 (semver)
    Affected: 520.1 , ≤ 520.1 TCU4 (semver)
    Affected: 511.1 , ≤ 511.5 TCU4 HF3 (semver)
    Honeywell Experion Server Affected: 520.2 , ≤ 520.2 TCU4 (semver)
    Affected: 511.1 , ≤ 511.5 TCU4 HF3 (semver)
    Affected: 520.1 , ≤ 520.1 TCU4 (semver)
    Honeywell Experion Server Affected: 520.2 , ≤ 520.2 TCU4 (semver)
    Affected: 520.1 , ≤ 520.1 TCU4 (semver)
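    Affected: 520.2 TCU4 HFR2 , ≤ 511.5 TCU4 HF3 (semver) — as published; the start version appears higher than the upper bound and neither string is valid semver, so confirm this range against the Honeywell Security Notification before relying on it for automated version matching.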
    honeywell experion_server Affected: *
        cpe:2.3:a:honeywell:experion_server:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:honeywell:experion_server:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "experion_server",
                "vendor": "honeywell",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:honeywell:experion_server:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "experion_server",
                "vendor": "honeywell",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:honeywell:experion_server:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "experion_server",
                "vendor": "honeywell",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:honeywell:experion_server:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "experion_server",
                "vendor": "honeywell",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5400",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-25T19:39:14.509795Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:28:46.487Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:59:44.742Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://process.honeywell.com"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion PKS"
              ],
              "product": "Experion Server",
              "vendor": "Honeywell",
              "versions": [
                {
                  "lessThanOrEqual": "520.2 TCU4",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "510.2 HF13",
                  "status": "affected",
                  "version": "510.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.1 TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "511.5 TCU4 HF3",
                  "status": "affected",
                  "version": "511.1",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion LX"
              ],
              "product": "Experion Server",
              "vendor": "Honeywell",
              "versions": [
                {
                  "lessThanOrEqual": "520.2 TCU4",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "511.5 TCU4 HF3",
                  "status": "affected",
                  "version": "511.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.1 TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "PlantCruise by Experion"
              ],
              "product": "Experion Server",
              "vendor": "Honeywell",
              "versions": [
                {
                  "lessThanOrEqual": "520.2 TCU4",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.1 TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "511.5 TCU4 HF3",
                  "status": "affected",
                  "version": "520.2 TCU4 HFR2",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Server receiving a malformed message based on a using the specified key values can cause a heap overflow vulnerability which could lead to an attacker performing remote code execution or causing a failure.\u0026nbsp;\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSee Honeywell Security Notification for recommendations on upgrading and versioning.\u003c/span\u003e\n\n"
                }
              ],
              "value": "Server receiving a malformed message based on a using the specified key values can cause a heap overflow vulnerability which could lead to an attacker performing remote code execution or causing a failure.\u00a0\nSee Honeywell Security Notification for recommendations on upgrading and versioning.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-47",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-47"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-25T16:58:40.848Z",
            "orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
            "shortName": "Honeywell"
          },
          "references": [
            {
              "url": "https://process.honeywell.com"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
        "assignerShortName": "Honeywell",
        "cveId": "CVE-2023-5400",
        "datePublished": "2024-04-17T16:41:10.932Z",
        "dateReserved": "2023-10-04T17:50:51.561Z",
        "dateUpdated": "2024-08-02T07:59:44.742Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5398 (GCVE-0-2023-5398)

    Vulnerability from nvd – Published: 2024-04-17 16:40 – Updated: 2024-08-02 07:59
    VLAI
    Summary
    A server that receives a malformed message based on a list of IPs can suffer heap corruption, causing a denial of service. See the Honeywell Security Notification for recommendations on upgrading and versioning.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Honeywell Experion Server Affected: 520.2 , ≤ 520.2 TCU4 (semver)
    Affected: 510.1 , ≤ 510.2 HF13 (semver)
    Affected: 520.1 , ≤ 520.1 TCU4 (semver)
    Affected: 511.1 , ≤ 511.5 TCU4 HF3 (semver)
    Honeywell Experion Server Affected: 520.2 , ≤ 520.2 TCU4 (semver)
    Affected: 511.1 , ≤ 511.5 TCU4 HF3 (semver)
    Affected: 520.1 , ≤ 520.1 TCU4 (semver)
    Honeywell Experion Server Affected: 520.2 , ≤ 520.2 TCU4 (semver)
    Affected: 520.1 , ≤ 520.1 TCU4 (semver)
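    Affected: 520.2 TCU4 HFR2 , ≤ 511.5 TCU4 HF3 (semver) — as published; the start version appears higher than the upper bound and neither string is valid semver, so confirm this range against the Honeywell Security Notification before relying on it for automated version matching.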
    honeywell experion_server Affected: 520.2 , ≤ 520.2_tcu4 (semver)
        cpe:2.3:a:honeywell:experion_server:520.2:*:*:*:*:*:*:*
    honeywell experion_server Affected: 510.1 , ≤ 510.2_hf13 (semver)
        cpe:2.3:a:honeywell:experion_server:510.1:*:*:*:*:*:*:*
    honeywell experion_server Affected: 520.1 , ≤ 520.1_tcu4 (custom)
        cpe:2.3:a:honeywell:experion_server:520.1:*:*:*:*:*:*:*
    honeywell experion_server Affected: 511.1 , ≤ 511.5_tcu4_hf3 (custom)
        cpe:2.3:a:honeywell:experion_server:511.1:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:honeywell:experion_server:520.2:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "experion_server",
                "vendor": "honeywell",
                "versions": [
                  {
                    "lessThanOrEqual": "520.2_tcu4",
                    "status": "affected",
                    "version": "520.2",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:honeywell:experion_server:510.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "experion_server",
                "vendor": "honeywell",
                "versions": [
                  {
                    "lessThanOrEqual": "510.2_hf13",
                    "status": "affected",
                    "version": "510.1",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:honeywell:experion_server:520.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "experion_server",
                "vendor": "honeywell",
                "versions": [
                  {
                    "lessThanOrEqual": "520.1_tcu4",
                    "status": "affected",
                    "version": "520.1",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:honeywell:experion_server:511.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "experion_server",
                "vendor": "honeywell",
                "versions": [
                  {
                    "lessThanOrEqual": "511.5_tcu4_hf3",
                    "status": "affected",
                    "version": "511.1",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5398",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-19T13:03:36.390624Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-08T19:39:56.991Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:59:44.650Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://process.honeywell.com"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion PKS"
              ],
              "product": "Experion Server",
              "vendor": "Honeywell",
              "versions": [
                {
                  "lessThanOrEqual": "520.2 TCU4",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "510.2 HF13",
                  "status": "affected",
                  "version": "510.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.1 TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "511.5 TCU4 HF3",
                  "status": "affected",
                  "version": "511.1",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion LX"
              ],
              "product": "Experion Server",
              "vendor": "Honeywell",
              "versions": [
                {
                  "lessThanOrEqual": "520.2 TCU4",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "511.5 TCU4 HF3",
                  "status": "affected",
                  "version": "511.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.1 TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "PlantCruise by Experion"
              ],
              "product": "Experion Server",
              "vendor": "Honeywell",
              "versions": [
                {
                  "lessThanOrEqual": "520.2 TCU4",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.1 TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "511.5 TCU4 HF3",
                  "status": "affected",
                  "version": "520.2 TCU4 HFR2",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Server receiving a malformed message based on a list of IPs resulting in heap corruption causing a denial of service.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSee Honeywell Security Notification for recommendations on upgrading and versioning.\u003c/span\u003e\n\n"
                }
              ],
              "value": "Server receiving a malformed message based on a list of IPs resulting in heap corruption causing a denial of service.\u00a0See Honeywell Security Notification for recommendations on upgrading and versioning.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-1",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-1"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1327",
                  "description": "CWE-1327",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-25T16:58:13.998Z",
            "orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
            "shortName": "Honeywell"
          },
          "references": [
            {
              "url": "https://process.honeywell.com"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
        "assignerShortName": "Honeywell",
        "cveId": "CVE-2023-5398",
        "datePublished": "2024-04-17T16:40:10.248Z",
        "dateReserved": "2023-10-04T17:50:51.025Z",
        "dateUpdated": "2024-08-02T07:59:44.650Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5397 (GCVE-0-2023-5397)

    Vulnerability from nvd – Published: 2024-04-17 16:38 – Updated: 2024-08-08 15:58
    VLAI
    Summary
    A server that receives a malformed message to create a new connection could allow an attacker to perform remote code execution or cause a failure. See the Honeywell Security Notification for recommendations on upgrading and versioning.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Honeywell Experion Server Affected: 520.2 , ≤ 520.2 TCU4 (semver)
    Affected: 510.1 , ≤ 510.2 HF13 (semver)
    Affected: 520.1 , ≤ 520.1 TCU4 (semver)
    Affected: 511.1 , ≤ 511.5 TCU4 HF3 (semver)
    Honeywell Experion Server Affected: 520.2 , ≤ 520.2 TCU4 (semver)
    Affected: 511.1 , ≤ 511.5 TCU4 HF3 (semver)
    Affected: 520.1 , ≤ 520.1 TCU4 (semver)
    Honeywell Experion Server Affected: 520.2 , ≤ 520.2 TCU4 (semver)
    Affected: 520.1 , ≤ 520.1 TCU4 (semver)
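    Affected: 520.2 TCU4 HFR2 , ≤ 511.5 TCU4 HF3 (semver) — as published; the start version appears higher than the upper bound and neither string is valid semver, so confirm this range against the Honeywell Security Notification before relying on it for automated version matching.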
    honeywell experion_server Affected: 520.2 , ≤ 520.2_tcu4 (custom)
    Affected: 510.1 , ≤ 510.2_hf13 (custom)
    Affected: 520.1 , ≤ 520.1_tcu4 (custom)
    Affected: 511.1 , ≤ 511.5_tcu4_hf3 (custom)
    Affected: 520.2_tcu4_hfr2 , ≤ 511.5_tcu4_hf3 (custom)
        cpe:2.3:a:honeywell:experion_server:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:59:44.325Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://process.honeywell.com"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:honeywell:experion_server:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "experion_server",
                "vendor": "honeywell",
                "versions": [
                  {
                    "lessThanOrEqual": "520.2_tcu4",
                    "status": "affected",
                    "version": "520.2",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "510.2_hf13",
                    "status": "affected",
                    "version": "510.1",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "520.1_tcu4",
                    "status": "affected",
                    "version": "520.1",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "511.5_tcu4_hf3",
                    "status": "affected",
                    "version": "511.1",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "511.5_tcu4_hf3",
                    "status": "affected",
                    "version": "520.2_tcu4_hfr2",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "descriptions": [
              {
                "lang": "en",
                "value": "Server receiving a malformed message to create a new connection could lead to an attacker performing remote code execution or causing a failure.\u00a0See Honeywell Security Notification for recommendations on upgrading and versioning."
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.1,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                },
                "format": "CVSS",
                "scenarios": [
                  {
                    "lang": "en",
                    "value": "GENERAL"
                  }
                ]
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5397",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-08T15:49:52.243408Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-20",
                    "description": "CWE-20",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-08T15:58:57.657Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "url": "https://process.honeywell.com"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion PKS"
              ],
              "product": "Experion Server",
              "vendor": "Honeywell",
              "versions": [
                {
                  "lessThanOrEqual": "520.2 TCU4",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "510.2 HF13",
                  "status": "affected",
                  "version": "510.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.1 TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "511.5 TCU4 HF3",
                  "status": "affected",
                  "version": "511.1",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion LX"
              ],
              "product": "Experion Server",
              "vendor": "Honeywell",
              "versions": [
                {
                  "lessThanOrEqual": "520.2 TCU4",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "511.5 TCU4 HF3",
                  "status": "affected",
                  "version": "511.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.1 TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "PlantCruise by Experion"
              ],
              "product": "Experion Server",
              "vendor": "Honeywell",
              "versions": [
                {
                  "lessThanOrEqual": "520.2 TCU4",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.1 TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "511.5 TCU4 HF3",
                  "status": "affected",
                  "version": "520.2 TCU4 HFR2",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Server receiving a malformed message to create a new connection could lead to an attacker performing remote code execution or causing a failure.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSee Honeywell Security Notification for recommendations on upgrading and versioning.\u003c/span\u003e\n\n"
                }
              ],
              "value": "Server receiving a malformed message to create a new connection could lead to an attacker performing remote code execution or causing a failure.\u00a0See Honeywell Security Notification for recommendations on upgrading and versioning.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-153",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-153"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-25T16:57:19.348Z",
            "orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
            "shortName": "Honeywell"
          },
          "references": [
            {
              "url": "https://process.honeywell.com"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
        "assignerShortName": "Honeywell",
        "cveId": "CVE-2023-5397",
        "datePublished": "2024-04-17T16:38:21.534Z",
        "dateReserved": "2023-10-04T17:50:50.454Z",
        "dateUpdated": "2024-08-08T15:58:57.657Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5396 (GCVE-0-2023-5396)

    Vulnerability from nvd – Published: 2024-04-17 16:37 – Updated: 2024-08-02 07:59
    VLAI
    Summary
    Server receiving a malformed message creates connection for a hostname that may cause a stack overflow resulting in possible remote code execution. See Honeywell Security Notification for recommendations on upgrading and versioning.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Honeywell Experion Server Affected: 520.2 , ≤ 520.2 TCU4 (semver)
    Affected: 510.1 , ≤ 510.2 HF13 (semver)
    Affected: 520.1 , ≤ 520.1 TCU4 (semver)
    Affected: 511.1 , ≤ 511.5 TCU4 HF3 (semver)
    Honeywell Experion Server Affected: 520.2 , ≤ 520.2 TCU4 (semver)
    Affected: 511.1 , ≤ 511.5 TCU4 HF3 (semver)
    Affected: 520.1 , ≤ 520.1 TCU4 (semver)
    Honeywell Experion Server Affected: 520.2 , ≤ 520.2 TCU4 (semver)
    Affected: 520.1 , ≤ 520.1 TCU4 (semver)
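    Affected: 520.2 TCU4 HFR2 , ≤ 511.5 TCU4 HF3 (semver)
    [Note: as published for the "PlantCruise by Experion" platform, this range's lower bound (520.2 TCU4 HFR2) is higher than its upper bound (511.5 TCU4 HF3), and the version strings are not valid semver. Automated range matching may miss or misclassify this entry; confirm the affected versions against the Honeywell Security Notification.]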

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5396",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-25T16:06:28.333552Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-24T18:06:59.537Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:59:44.711Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://process.honeywell.com"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion PKS"
              ],
              "product": "Experion Server",
              "vendor": "Honeywell",
              "versions": [
                {
                  "lessThanOrEqual": "520.2 TCU4",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "510.2 HF13",
                  "status": "affected",
                  "version": "510.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.1 TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "511.5 TCU4 HF3",
                  "status": "affected",
                  "version": "511.1",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion LX"
              ],
              "product": "Experion Server",
              "vendor": "Honeywell",
              "versions": [
                {
                  "lessThanOrEqual": "520.2 TCU4",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "511.5 TCU4 HF3",
                  "status": "affected",
                  "version": "511.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.1 TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "PlantCruise by Experion"
              ],
              "product": "Experion Server",
              "vendor": "Honeywell",
              "versions": [
                {
                  "lessThanOrEqual": "520.2 TCU4",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.1 TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "511.5 TCU4 HF3",
                  "status": "affected",
                  "version": "520.2 TCU4 HFR2",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Server receiving a malformed message creates connection for a hostname that may cause a stack overflow resulting in possible remote code execution.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSee Honeywell Security Notification for recommendations on upgrading and versioning.\u003c/span\u003e\n\n"
                }
              ],
              "value": "Server receiving a malformed message creates connection for a hostname that may cause a stack overflow resulting in possible remote code execution.\u00a0See Honeywell Security Notification for recommendations on upgrading and versioning.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-256",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-256"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-805",
                  "description": "CWE-805",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-25T16:49:53.901Z",
            "orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
            "shortName": "Honeywell"
          },
          "references": [
            {
              "url": "https://process.honeywell.com"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
        "assignerShortName": "Honeywell",
        "cveId": "CVE-2023-5396",
        "datePublished": "2024-04-17T16:37:41.106Z",
        "dateReserved": "2023-10-04T17:50:48.303Z",
        "dateUpdated": "2024-08-02T07:59:44.711Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5395 (GCVE-0-2023-5395)

    Vulnerability from nvd – Published: 2024-04-17 16:37 – Updated: 2024-08-02 07:59
    VLAI
    Summary
    Server receiving a malformed message that uses the hostname in an internal table may cause a stack overflow resulting in possible remote code execution. See Honeywell Security Notification for recommendations on upgrading and versioning.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Honeywell Experion Server Affected: 520.2 , ≤ 520.2 TCU4 (semver)
    Affected: 510.1 , ≤ 510.2 HF13 (semver)
    Affected: 520.1 , ≤ 520.1 TCU4 (semver)
    Affected: 511.1 , ≤ 511.5 TCU4 HF3 (semver)
    Honeywell Experion Server Affected: 520.2 , ≤ 520.2 TCU4 (semver)
    Affected: 511.1 , ≤ 511.5 TCU4 HF3 (semver)
    Affected: 520.1 , ≤ 520.1 TCU4 (semver)
    Honeywell Experion Server Affected: 520.2 , ≤ 520.2 TCU4 (semver)
    Affected: 520.1 , ≤ 520.1 TCU4 (semver)
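    Affected: 520.2 TCU4 HFR2 , ≤ 511.5 TCU4 HF3 (semver)
    [Note: as published for the "PlantCruise by Experion" platform, this range's lower bound (520.2 TCU4 HFR2) is higher than its upper bound (511.5 TCU4 HF3), and the version strings are not valid semver. The record below marks 511.5 TCU4 HF4 as unaffected for this entry, so the lower bound is possibly a data-entry error; confirm the affected versions against the Honeywell Security Notification.]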
    honeywell experion_server Affected: 520.2 , ≤ 520.2_tcu4 (semver)
        cpe:2.3:a:honeywell:experion_server:520.2:*:*:*:*:*:*:*
    honeywell experion_server Affected: 510.1 , ≤ 510.2_hf13 (semver)
        cpe:2.3:a:honeywell:experion_server:510.1:*:*:*:*:*:*:*
    honeywell experion_server Affected: 520.1 , ≤ 520.1_tcu4 (custom)
        cpe:2.3:a:honeywell:experion_server:520.1:*:*:*:*:*:*:*
    honeywell experion_server Affected: 511.1 , ≤ 511.5_tcu4_hf3 (custom)
        cpe:2.3:a:honeywell:experion_server:511.1:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:honeywell:experion_server:520.2:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "experion_server",
                "vendor": "honeywell",
                "versions": [
                  {
                    "lessThanOrEqual": "520.2_tcu4",
                    "status": "affected",
                    "version": "520.2",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:honeywell:experion_server:510.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "experion_server",
                "vendor": "honeywell",
                "versions": [
                  {
                    "lessThanOrEqual": "510.2_hf13",
                    "status": "affected",
                    "version": "510.1",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:honeywell:experion_server:520.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "experion_server",
                "vendor": "honeywell",
                "versions": [
                  {
                    "lessThanOrEqual": "520.1_tcu4",
                    "status": "affected",
                    "version": "520.1",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:honeywell:experion_server:511.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "experion_server",
                "vendor": "honeywell",
                "versions": [
                  {
                    "lessThanOrEqual": "511.5_tcu4_hf3",
                    "status": "affected",
                    "version": "511.1",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5395",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-23T18:42:52.918169Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-08T18:58:46.645Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:59:44.353Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://process.honeywell.com"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion PKS"
              ],
              "product": "Experion Server",
              "vendor": "Honeywell",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "520.2 TCU4 HF1",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "520.2 TCU4",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                },
                {
                  "changes": [
                    {
                      "at": "510.2 HF14",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "510.2 HF13",
                  "status": "affected",
                  "version": "510.1",
                  "versionType": "semver"
                },
                {
                  "changes": [
                    {
                      "at": "520.1 TCU5",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "520.1 TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "changes": [
                    {
                      "at": "511.5 TCU4 HF4",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "511.5 TCU4 HF3",
                  "status": "affected",
                  "version": "511.1",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion LX"
              ],
              "product": "Experion Server",
              "vendor": "Honeywell",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "520.2 TCU4 HF2",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "520.2 TCU4",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                },
                {
                  "changes": [
                    {
                      "at": "511.5 TCU4 HF4",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "511.5 TCU4 HF3",
                  "status": "affected",
                  "version": "511.1",
                  "versionType": "semver"
                },
                {
                  "changes": [
                    {
                      "at": "520.1 TCU5",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "520.1 TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "PlantCruise by Experion"
              ],
              "product": "Experion Server",
              "vendor": "Honeywell",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "520.2 TCU4 HF2",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "520.2 TCU4",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                },
                {
                  "changes": [
                    {
                      "at": "520.1 TCU5",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "520.1 TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "changes": [
                    {
                      "at": "511.5 TCU4 HF4",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "511.5 TCU4 HF3",
                  "status": "affected",
                  "version": "520.2 TCU4 HFR2",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Server receiving a malformed message that uses the hostname in an internal table may cause a stack overflow resulting in possible remote code execution.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSee Honeywell Security Notification for recommendations on upgrading and versioning.\u003c/span\u003e\n\n"
                }
              ],
              "value": "Server receiving a malformed message that uses the hostname in an internal table may cause a stack overflow resulting in possible remote code execution.\u00a0See Honeywell Security Notification for recommendations on upgrading and versioning.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-25T16:56:40.621Z",
            "orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
            "shortName": "Honeywell"
          },
          "references": [
            {
              "url": "https://process.honeywell.com"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
        "assignerShortName": "Honeywell",
        "cveId": "CVE-2023-5395",
        "datePublished": "2024-04-17T16:37:00.868Z",
        "dateReserved": "2023-10-04T17:50:47.748Z",
        "dateUpdated": "2024-08-02T07:59:44.353Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5394 (GCVE-0-2023-5394)

    Vulnerability from nvd – Published: 2024-04-11 19:21 – Updated: 2024-08-09 20:13
    VLAI
    Summary
    The server may receive a malformed message in which the GCL message hostname is too large, which may cause a stack overflow, resulting in possible remote code execution. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Honeywell Experion Server Affected: 520.2 , ≤ 520.2 TCU4 (semver)
    Affected: 510.1 , ≤ 510.2 HF13 (semver)
    Affected: 520.1 , ≤ 520.1 TCU4 (semver)
    Affected: 511.1 , ≤ 511.5 TCU4 HF3 (semver)
    Honeywell Experion Server Affected: 520.2 , ≤ 520.2 TCU4 (semver)
    Affected: 511.1 , ≤ 511.5 TCU4 HF3 (semver)
    Affected: 520.1 , ≤ 520.1 TCU4 (semver)
    Honeywell Experion Server Affected: 520.2 , ≤ 520.2 TCU4 (semver)
    Affected: 520.1 , ≤ 520.1 TCU4 (semver)
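    Affected: 520.2 TCU4 HFR2 , ≤ 511.5 TCU4 HF3 (semver) [as published: the start of this range is a later release than its upper bound, so range-matching tools may match nothing for it; confirm the affected releases against the Honeywell Security Notification]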
    honeywell experion_process_knowledge_system Affected: 520.2 , ≤ 520.2 TCU4 (semver)
    Affected: 510.1 , ≤ 510.2 HF13 (semver)
    Affected: 520.1 , ≤ 520.1 TCU4 (semver)
    Affected: 511.1 , ≤ 511.5 TCU4 HF3 (semver)
        cpe:2.3:a:honeywell:experion_process_knowledge_system:*:*:*:*:*:*:*:*
    honeywell experion_lx Affected: 520.2 , ≤ 520.2 TCU4 (semver)
    Affected: 511.1 , ≤ 511.5 TCU4 HF3 (semver)
    Affected: 520.1 , ≤ 520.1 TCU4 (semver)
        cpe:2.3:h:honeywell:experion_lx:*:*:*:*:*:*:*:*
    honeywell plantcruise Affected: 520.2 , ≤ 520.2 TCU4 (semver)
    Affected: 520.1 , ≤ 520.1 TCU4 (semver)
    Affected: 520.2 TCU4 HFR2 , ≤ 511.5 TCU4 HF3 (semver)
        cpe:2.3:a:honeywell:plantcruise:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:59:44.970Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://process.honeywell.com"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:honeywell:experion_process_knowledge_system:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "experion_process_knowledge_system",
                "vendor": "honeywell",
                "versions": [
                  {
                    "lessThanOrEqual": "520.2 TCU4",
                    "status": "affected",
                    "version": "520.2",
                    "versionType": "semver"
                  },
                  {
                    "lessThanOrEqual": "510.2 HF13",
                    "status": "affected",
                    "version": "510.1",
                    "versionType": "semver"
                  },
                  {
                    "lessThanOrEqual": "520.1 TCU4",
                    "status": "affected",
                    "version": "520.1",
                    "versionType": "semver"
                  },
                  {
                    "lessThanOrEqual": "511.5 TCU4 HF3",
                    "status": "affected",
                    "version": "511.1",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:honeywell:experion_lx:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "experion_lx",
                "vendor": "honeywell",
                "versions": [
                  {
                    "lessThanOrEqual": "520.2 TCU4",
                    "status": "affected",
                    "version": "520.2",
                    "versionType": "semver"
                  },
                  {
                    "lessThanOrEqual": "511.5 TCU4 HF3",
                    "status": "affected",
                    "version": "511.1",
                    "versionType": "semver"
                  },
                  {
                    "lessThanOrEqual": "520.1 TCU4",
                    "status": "affected",
                    "version": "520.1",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:honeywell:plantcruise:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "plantcruise",
                "vendor": "honeywell",
                "versions": [
                  {
                    "lessThanOrEqual": "520.2 TCU4",
                    "status": "affected",
                    "version": "520.2",
                    "versionType": "semver"
                  },
                  {
                    "lessThanOrEqual": "520.1 TCU4",
                    "status": "affected",
                    "version": "520.1",
                    "versionType": "semver"
                  },
                  {
                    "lessThanOrEqual": "511.5 TCU4 HF3",
                    "status": "affected",
                    "version": "520.2 TCU4 HFR2",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5394",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-09T20:06:35.980311Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-09T20:13:47.066Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion PKS"
              ],
              "product": "Experion Server",
              "vendor": "Honeywell",
              "versions": [
                {
                  "lessThanOrEqual": "520.2 TCU4",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "510.2 HF13",
                  "status": "affected",
                  "version": "510.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.1 TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "511.5 TCU4 HF3",
                  "status": "affected",
                  "version": "511.1",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion LX"
              ],
              "product": "Experion Server",
              "vendor": "Honeywell",
              "versions": [
                {
                  "lessThanOrEqual": "520.2 TCU4",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "511.5 TCU4 HF3",
                  "status": "affected",
                  "version": "511.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.1 TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "PlantCruise by Experion"
              ],
              "product": "Experion Server",
              "vendor": "Honeywell",
              "versions": [
                {
                  "lessThanOrEqual": "520.2 TCU4",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.1 TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "511.5 TCU4 HF3",
                  "status": "affected",
                  "version": "520.2 TCU4 HFR2",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Server receiving a malformed message that where the GCL message hostname may be too large which may cause a stack overflow; resulting in possible remote code execution.\u0026nbsp;Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning. \n\n"
                }
              ],
              "value": "Server receiving a malformed message that where the GCL message hostname may be too large which may cause a stack overflow; resulting in possible remote code execution.\u00a0Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning. \n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-123",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-123"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "CWE-119",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-25T16:56:10.283Z",
            "orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
            "shortName": "Honeywell"
          },
          "references": [
            {
              "url": "https://process.honeywell.com"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
        "assignerShortName": "Honeywell",
        "cveId": "CVE-2023-5394",
        "datePublished": "2024-04-11T19:21:52.796Z",
        "dateReserved": "2023-10-04T17:50:47.250Z",
        "dateUpdated": "2024-08-09T20:13:47.066Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5393 (GCVE-0-2023-5393)

    Vulnerability from nvd – Published: 2024-04-11 19:20 – Updated: 2024-08-02 07:59
    VLAI
    Summary
    A server receiving a malformed message that causes a disconnect to a hostname may cause a stack overflow, resulting in possible remote code execution. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Honeywell Experion Server Unaffected: 520.2 , < 520.2 TCU4 (semver)
    Unaffected: 510.1 , < 510.2 HF13 (semver)
    Unaffected: 520.1 , < 520.1 TCU4 (semver)
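    Unaffected: 511.1 , < 511.5 TCU4 HF3 (semver) [as published: this first product entry (platform Experion PKS in the record below) lists only unaffected ranges, while the Experion LX and PlantCruise entries list affected ranges; confirm Experion PKS exposure against the Honeywell Security Notification]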
    Honeywell Experion Server Affected: 520.2 , ≤ 520.2 TCU4 (semver)
    Affected: 511.1 , ≤ 511.5 TCU4 HF3 (semver)
    Affected: 520.1 , ≤ 520.1 TCU4 (semver)
    Honeywell Experion Server Affected: 520.2 , ≤ 520.2 TCU4 (semver)
    Affected: 520.1 , ≤ 520.1 TCU4 (semver)
    Affected: 520.2 TCU4 HFR2 , ≤ 511.5 TCU4 HF3 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5393",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-15T18:37:37.313463Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:28:36.427Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:59:44.301Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://process.honeywell.com"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion PKS"
              ],
              "product": "Experion Server",
              "vendor": "Honeywell",
              "versions": [
                {
                  "lessThan": "520.2 TCU4",
                  "status": "unaffected",
                  "version": "520.2",
                  "versionType": "semver"
                },
                {
                  "lessThan": "510.2 HF13",
                  "status": "unaffected",
                  "version": "510.1",
                  "versionType": "semver"
                },
                {
                  "lessThan": "520.1 TCU4",
                  "status": "unaffected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "lessThan": "511.5 TCU4 HF3",
                  "status": "unaffected",
                  "version": "511.1",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion LX"
              ],
              "product": "Experion Server",
              "vendor": "Honeywell",
              "versions": [
                {
                  "lessThanOrEqual": "520.2 TCU4",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "511.5 TCU4 HF3",
                  "status": "affected",
                  "version": "511.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.1 TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "PlantCruise by Experion"
              ],
              "product": "Experion Server",
              "vendor": "Honeywell",
              "versions": [
                {
                  "lessThanOrEqual": "520.2 TCU4",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.1 TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "511.5 TCU4 HF3",
                  "status": "affected",
                  "version": "520.2 TCU4 HFR2",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Server receiving a malformed message that causes a disconnect to a hostname may causing a stack overflow resulting in possible remote code execution. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning.\u003cbr\u003e\u003cbr\u003e \n\n\u003cbr\u003e"
                }
              ],
              "value": "Server receiving a malformed message that causes a disconnect to a hostname may causing a stack overflow resulting in possible remote code execution. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning.\n\n \n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-47",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-47"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-130",
                  "description": "CWE-130",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-25T16:55:04.443Z",
            "orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
            "shortName": "Honeywell"
          },
          "references": [
            {
              "url": "https://process.honeywell.com"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
        "assignerShortName": "Honeywell",
        "cveId": "CVE-2023-5393",
        "datePublished": "2024-04-11T19:20:20.553Z",
        "dateReserved": "2023-10-04T17:50:46.496Z",
        "dateUpdated": "2024-08-02T07:59:44.301Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-25948 (GCVE-0-2023-25948)

    Vulnerability from nvd – Published: 2023-07-13 11:09 – Updated: 2025-03-05 18:50
    VLAI
    Title
    Server Data type confusion - info leak
    Summary
    Server information leak of configuration data when an error is generated in response to a specially crafted message. See Honeywell Security Notification for recommendations on upgrading and versioning.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-394 - Unexpected Status Code or Return Value
    Assigner
    References
    Impacted products
    Vendor Product Version
    Honeywell Experion Server Affected: 501.1 , ≤ 501.6HF8 (semver)
    Affected: 510.1 , ≤ 510.2HF12 (semver)
    Affected: 511.1 , ≤ 511.5TCU3 (semver)
    Affected: 520.1 , ≤ 520.1TCU4 (semver)
    Affected: 520.2 , ≤ 520.2TCU2 (semver)
    Honeywell Experion Station Affected: 501.1 , ≤ 501.6HF8 (semver)
    Affected: 510.1 , ≤ 510.2HF12 (semver)
    Affected: 511.1 , ≤ 511.5TCU3 (semver)
    Affected: 520.1 , ≤ 520.1TCU4 (semver)
    Affected: 520.2 , ≤ 520.2TCU2 (semver)
    Honeywell Engineering Station Affected: 510.1 , ≤ 511.5TCU3 (semver)
    Affected: 520.1 , ≤ 520.1TCU4 (semver)
    Affected: 520.2 , ≤ 520.2TCU2 (semver)
    Honeywell Direct Station Affected: 510.5 , ≤ 511.5TCU3 (semver)
    Affected: 520.1 , ≤ 520.1TCU4 (semver)
    Affected: 520.2 , ≤ 520.2TCU2 (semver)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T11:39:06.184Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://process.honeywell.com"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-25948",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-05T18:38:39.637263Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-05T18:50:14.570Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion PKS"
              ],
              "product": "Experion Server",
              "vendor": "Honeywell",
              "versions": [
                {
                  "lessThanOrEqual": "501.6HF8",
                  "status": "affected",
                  "version": "501.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "510.2HF12",
                  "status": "affected",
                  "version": "510.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "511.5TCU3",
                  "status": "affected",
                  "version": "511.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.1TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.2TCU2",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion PKS"
              ],
              "product": "Experion Station",
              "vendor": "Honeywell",
              "versions": [
                {
                  "lessThanOrEqual": "501.6HF8",
                  "status": "affected",
                  "version": "501.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "510.2HF12",
                  "status": "affected",
                  "version": "510.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "511.5TCU3",
                  "status": "affected",
                  "version": "511.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.1TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.2TCU2",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion LX",
                "Experion PlantCruise"
              ],
              "product": "Engineering Station",
              "vendor": "Honeywell",
              "versions": [
                {
                  "lessThanOrEqual": "511.5TCU3",
                  "status": "affected",
                  "version": "510.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.1TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.2TCU2",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion LX",
                "Experion PlantCruise"
              ],
              "product": "Direct Station",
              "vendor": "Honeywell",
              "versions": [
                {
                  "lessThanOrEqual": "511.5TCU3",
                  "status": "affected",
                  "version": "510.5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.1TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.2TCU2",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Server information leak of configuration data when an error is generated in response to a specially crafted message.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSee Honeywell Security Notification for recommendations on upgrading and versioning. \u003c/span\u003e\n\n"
                }
              ],
              "value": "Server information leak of configuration data when an error is generated in response to a specially crafted message.\u00a0See Honeywell Security Notification for recommendations on upgrading and versioning. \n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-6",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-6: Argument Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-394",
                  "description": "CWE-394 Unexpected Status Code or Return Value",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-22T16:00:47.166Z",
            "orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
            "shortName": "Honeywell"
          },
          "references": [
            {
              "url": "https://process.honeywell.com"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Server Data type confusion - info leak ",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
        "assignerShortName": "Honeywell",
        "cveId": "CVE-2023-25948",
        "datePublished": "2023-07-13T11:09:30.893Z",
        "dateReserved": "2023-02-28T23:51:16.642Z",
        "dateUpdated": "2025-03-05T18:50:14.570Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-25078 (GCVE-0-2023-25078)

    Vulnerability from nvd – Published: 2023-07-13 10:58 – Updated: 2025-03-05 18:50
    VLAI
    Title
    DoS due to heap overflow
    Summary
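    Server or Console Station DoS due to heap overflow occurring during the handling of a specially crafted message for a specific configuration operation. See Honeywell Security Notification for recommendations on upgrading and versioning. Note: although the title and summary describe a DoS, the CNA record below classifies the flaw as CWE-787 (Out-of-bounds Write) and scores it CVSS 3.1 9.8 (C:H/I:H/A:H), so it should be prioritised as more than an availability issue.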
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Honeywell Experion Server Affected: 501.1 , ≤ 501.6HF8 (semver)
    Affected: 510.1 , ≤ 510.2HF12 (semver)
    Affected: 511.1 , ≤ 511.5TCU3 (semver)
    Affected: 520.1 , ≤ 520.1TCU4 (semver)
    Affected: 520.2 , ≤ 520.2TCU2 (semver)
    Honeywell Experion Station Affected: 501.1 , ≤ 501.6HF8 (semver)
    Affected: 510.1 , ≤ 510.2HF12 (semver)
    Affected: 511.1 , ≤ 511.5TCU3 (semver)
    Affected: 520.1 , ≤ 520.1TCU4 (semver)
    Affected: 520.2 , ≤ 520.2TCU2 (semver)
    Honeywell Engineering Station Affected: 510.1 , ≤ 511.5TCU3 (semver)
    Affected: 520.1 , ≤ 520.1TCU4 (semver)
    Affected: 520.2 , ≤ 520.2TCU2 (semver)
    Honeywell Direct Station Affected: 510.5 , ≤ 511.5TCU3 (semver)
    Affected: 520.1 , ≤ 520.1TCU4 (semver)
    Affected: 520.2 , ≤ 520.2TCU2 (semver)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T11:11:43.708Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://process.honeywell.com"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-25078",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-05T18:39:58.130317Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-05T18:50:35.930Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion PKS"
              ],
              "product": "Experion Server",
              "vendor": "Honeywell",
              "versions": [
                {
                  "lessThanOrEqual": "501.6HF8",
                  "status": "affected",
                  "version": "501.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "510.2HF12",
                  "status": "affected",
                  "version": "510.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "511.5TCU3",
                  "status": "affected",
                  "version": "511.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.1TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.2TCU2",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion PKS"
              ],
              "product": "Experion Station",
              "vendor": "Honeywell",
              "versions": [
                {
                  "lessThanOrEqual": "501.6HF8",
                  "status": "affected",
                  "version": "501.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "510.2HF12",
                  "status": "affected",
                  "version": "510.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "511.5TCU3",
                  "status": "affected",
                  "version": "511.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.1TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.2TCU2",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion LX",
                "Experion PlantCruise"
              ],
              "product": "Engineering Station",
              "vendor": "Honeywell",
              "versions": [
                {
                  "lessThanOrEqual": "511.5TCU3",
                  "status": "affected",
                  "version": "510.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.1TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.2TCU2",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion LX",
                "Experion PlantCruise"
              ],
              "product": "Direct Station",
              "vendor": "Honeywell",
              "versions": [
                {
                  "lessThanOrEqual": "511.5TCU3",
                  "status": "affected",
                  "version": "510.5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.1TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.2TCU2",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Server or Console Station DoS due to heap overflow occurring during the handling of a specially crafted message for a specific configuration operation.\u0026nbsp;\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSee Honeywell Security Notification for recommendations on upgrading and versioning. \u003c/span\u003e\n\n"
                }
              ],
              "value": "Server or Console Station DoS due to heap overflow occurring during the handling of a specially crafted message for a specific configuration operation.\u00a0\n\nSee Honeywell Security Notification for recommendations on upgrading and versioning. \n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-10",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-10 Buffer Overflow via Environment Variables"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-22T16:00:21.949Z",
            "orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
            "shortName": "Honeywell"
          },
          "references": [
            {
              "url": "https://process.honeywell.com"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "DoS due to heap overflow",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
        "assignerShortName": "Honeywell",
        "cveId": "CVE-2023-25078",
        "datePublished": "2023-07-13T10:58:33.546Z",
        "dateReserved": "2023-02-28T23:51:16.636Z",
        "dateUpdated": "2025-03-05T18:50:35.930Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-24474 (GCVE-0-2023-24474)

    Vulnerability from nvd – Published: 2023-07-13 10:56 – Updated: 2024-11-12 17:04
    VLAI
    Title
    Server deserialization missing boundary checks - heap overflow in communication between server and controller
    Summary
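    Experion server may experience a DoS due to a heap overflow which could occur when handling a specially crafted message. Note: the CNA's CVSS 3.1 vector in the record below (C:H/I:N/A:N, base score 7.5) rates availability impact as NONE and confidentiality impact as HIGH, which does not match the DoS described here; confirm the actual impact against the vendor advisory before prioritising.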
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Honeywell Experion Server Affected: 501.1 , ≤ 501.6HF8 (semver)
    Affected: 510.1 , ≤ 510.2HF12 (semver)
    Affected: 511.1 , ≤ 511.5TCU3 (semver)
    Affected: 520.1 , ≤ 520.1TCU4 (semver)
    Affected: 520.2 , ≤ 520.2TCU2 (semver)
    Honeywell Experion Station Affected: 501.1 , ≤ 501.6HF8 (semver)
    Affected: 510.1 , ≤ 510.2HF12 (semver)
    Affected: 511.1 , ≤ 511.5TCU3 (semver)
    Affected: 520.1 , ≤ 520.1TCU4 (semver)
    Affected: 520.2 , ≤ 520.2TCU2 (semver)
    Honeywell Engineering Station Affected: 510.1 , ≤ 511.5TCU3 (semver)
    Affected: 520.1 , ≤ 520.1TCU4 (semver)
    Affected: 520.2 , ≤ 520.2TCU2 (semver)
    Honeywell Direct Station Affected: 510.5 , ≤ 511.5TCU3 (semver)
    Affected: 520.1 , ≤ 520.1TCU4 (semver)
    Affected: 520.2 , ≤ 520.2TCU2 (semver)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:56:04.197Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://process.honeywell.com"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-24474",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-12T17:03:56.537365Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-12T17:04:04.961Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion PKS"
              ],
              "product": "Experion Server",
              "vendor": "Honeywell",
              "versions": [
                {
                  "lessThanOrEqual": "501.6HF8",
                  "status": "affected",
                  "version": "501.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "510.2HF12",
                  "status": "affected",
                  "version": "510.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "511.5TCU3",
                  "status": "affected",
                  "version": "511.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.1TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.2TCU2",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion PKS"
              ],
              "product": "Experion Station",
              "vendor": "Honeywell",
              "versions": [
                {
                  "lessThanOrEqual": "501.6HF8",
                  "status": "affected",
                  "version": "501.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "510.2HF12",
                  "status": "affected",
                  "version": "510.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "511.5TCU3",
                  "status": "affected",
                  "version": "511.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.1TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.2TCU2",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion LX",
                "Experion PlantCruise"
              ],
              "product": "Engineering Station",
              "vendor": "Honeywell",
              "versions": [
                {
                  "lessThanOrEqual": "511.5TCU3",
                  "status": "affected",
                  "version": "510.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.1TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.2TCU2",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion LX",
                "Experion PlantCruise"
              ],
              "product": "Direct Station",
              "vendor": "Honeywell",
              "versions": [
                {
                  "lessThanOrEqual": "511.5TCU3",
                  "status": "affected",
                  "version": "510.5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.1TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.2TCU2",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Experion server may experience a DoS due to a heap overflow which could occur when handling a specially crafted message"
                }
              ],
              "value": "Experion server may experience a DoS due to a heap overflow which could occur when handling a specially crafted message"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100: Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-13T10:56:01.848Z",
            "orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
            "shortName": "Honeywell"
          },
          "references": [
            {
              "url": "https://process.honeywell.com"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Server deserialization missing boundary checks - heap overflow in communication between server and controller",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
        "assignerShortName": "Honeywell",
        "cveId": "CVE-2023-24474",
        "datePublished": "2023-07-13T10:56:01.848Z",
        "dateReserved": "2023-02-28T23:51:16.673Z",
        "dateUpdated": "2024-11-12T17:04:04.961Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-23585 (GCVE-0-2023-23585)

    Vulnerability from nvd – Published: 2023-07-13 10:54 – Updated: 2025-03-05 18:50
    VLAI
    Title
    Server DoS due to heap overflow
    Summary
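    Experion server DoS due to heap overflow occurring during the handling of a specially crafted message for a specific configuration operation. See Honeywell Security Notification for recommendations on upgrading and versioning. Note: although the title and summary describe a DoS, the CNA record below classifies the flaw as CWE-787 (Out-of-bounds Write) and scores it CVSS 3.1 9.8 (C:H/I:H/A:H), so it should be prioritised as more than an availability issue.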
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Honeywell Experion Server Affected: 501.1 , ≤ 501.6HF8 (semver)
    Affected: 510.1 , ≤ 510.2HF12 (semver)
    Affected: 511.1 , ≤ 511.5TCU3 (semver)
    Affected: 520.1 , ≤ 520.1TCU4 (semver)
    Affected: 520.2 , ≤ 520.2TCU2 (semver)
    Honeywell Experion Station Affected: 501.1 , ≤ 501.6HF8 (semver)
    Affected: 510.1 , ≤ 510.2HF12 (semver)
    Affected: 511.1 , ≤ 511.5TCU3 (semver)
    Affected: 520.1 , ≤ 520.1TCU4 (semver)
    Affected: 520.2 , ≤ 520.2TCU2 (semver)
    Honeywell Engineering Station Affected: 510.1 , ≤ 511.5TCU3 (semver)
    Affected: 520.1 , ≤ 520.1TCU4 (semver)
    Affected: 520.2 , ≤ 520.2TCU2 (semver)
    Honeywell Direct Station Affected: 510.5 , ≤ 511.5TCU3 (semver)
    Affected: 520.1 , ≤ 520.1TCU4 (semver)
    Affected: 520.2 , ≤ 520.2TCU2 (semver)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:35:33.423Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://process.honeywell.com"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-23585",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-05T18:40:01.205939Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-05T18:50:52.406Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion PKS"
              ],
              "product": "Experion Server",
              "vendor": "Honeywell",
              "versions": [
                {
                  "lessThanOrEqual": "501.6HF8",
                  "status": "affected",
                  "version": "501.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "510.2HF12",
                  "status": "affected",
                  "version": "510.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "511.5TCU3",
                  "status": "affected",
                  "version": "511.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.1TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.2TCU2",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion PKS"
              ],
              "product": "Experion Station",
              "vendor": "Honeywell",
              "versions": [
                {
                  "lessThanOrEqual": "501.6HF8",
                  "status": "affected",
                  "version": "501.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "510.2HF12",
                  "status": "affected",
                  "version": "510.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "511.5TCU3",
                  "status": "affected",
                  "version": "511.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.1TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.2TCU2",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion LX",
                "Experion PlantCruise"
              ],
              "product": "Engineering Station",
              "vendor": "Honeywell",
              "versions": [
                {
                  "lessThanOrEqual": "511.5TCU3",
                  "status": "affected",
                  "version": "510.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.1TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.2TCU2",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion LX",
                "Experion PlantCruise"
              ],
              "product": "Direct Station",
              "vendor": "Honeywell",
              "versions": [
                {
                  "lessThanOrEqual": "511.5TCU3",
                  "status": "affected",
                  "version": "510.5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.1TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.2TCU2",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Experion server DoS due to heap overflow occurring during the handling of a specially crafted message for a specific configuration operation.\u0026nbsp;\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSee Honeywell Security Notification for recommendations on upgrading and versioning. \u003c/span\u003e\n\n"
                }
              ],
              "value": "Experion server DoS due to heap overflow occurring during the handling of a specially crafted message for a specific configuration operation.\u00a0\n\nSee Honeywell Security Notification for recommendations on upgrading and versioning. \n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-22T16:00:01.628Z",
            "orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
            "shortName": "Honeywell"
          },
          "references": [
            {
              "url": "https://process.honeywell.com"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Server DoS due to heap overflow",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
        "assignerShortName": "Honeywell",
        "cveId": "CVE-2023-23585",
        "datePublished": "2023-07-13T10:54:59.559Z",
        "dateReserved": "2023-02-28T23:51:16.629Z",
        "dateUpdated": "2025-03-05T18:50:52.406Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-22435 (GCVE-0-2023-22435)

    Vulnerability from nvd – Published: 2023-07-13 10:53 – Updated: 2025-03-05 18:51
    VLAI
    Title
    Server bad parsing implementation - stack overflow in server::get_db_path_for_driver
    Summary
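    Experion server may experience a DoS due to a stack overflow when handling a specially crafted message. Note: the CNA CVSS 3.1 vector in the record below (C:H/I:N/A:N, base score 7.5) scores high confidentiality impact and no availability impact, which does not match the denial of service described here; confirm the impact against the Honeywell Security Notification before using the score for prioritisation.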
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Honeywell Experion Server Affected: 501.1 , ≤ 501.6HF8 (semver)
    Affected: 510.1 , ≤ 510.2HF12 (semver)
    Affected: 511.1 , ≤ 511.5TCU3 (semver)
    Affected: 520.1 , ≤ 520.1TCU4 (semver)
    Affected: 520.2 , ≤ 520.2TCU2 (semver)
    Honeywell Experion Station Affected: 501.1 , ≤ 501.6HF8 (semver)
    Affected: 510.1 , ≤ 510.2HF12 (semver)
    Affected: 511.1 , ≤ 511.5TCU3 (semver)
    Affected: 520.1 , ≤ 520.1TCU4 (semver)
    Affected: 520.2 , ≤ 520.2TCU2 (semver)
    Honeywell Engineering Station Affected: 510.1 , ≤ 511.5TCU3 (semver)
    Affected: 520.1 , ≤ 520.1TCU4 (semver)
    Affected: 520.2 , ≤ 520.2TCU2 (semver)
    Honeywell Direct Station Affected: 510.5 , ≤ 511.5TCU3 (semver)
    Affected: 520.1 , ≤ 520.1TCU4 (semver)
    Affected: 520.2 , ≤ 520.2TCU2 (semver)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:07:06.538Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://process.honeywell.com"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-22435",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-05T18:38:47.736506Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-05T18:51:02.643Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion PKS"
              ],
              "product": "Experion Server",
              "vendor": "Honeywell",
              "versions": [
                {
                  "lessThanOrEqual": "501.6HF8",
                  "status": "affected",
                  "version": "501.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "510.2HF12",
                  "status": "affected",
                  "version": "510.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "511.5TCU3",
                  "status": "affected",
                  "version": "511.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.1TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.2TCU2",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion PKS"
              ],
              "product": "Experion Station",
              "vendor": "Honeywell",
              "versions": [
                {
                  "lessThanOrEqual": "501.6HF8",
                  "status": "affected",
                  "version": "501.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "510.2HF12",
                  "status": "affected",
                  "version": "510.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "511.5TCU3",
                  "status": "affected",
                  "version": "511.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.1TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.2TCU2",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion LX",
                "Experion PlantCruise"
              ],
              "product": "Engineering Station",
              "vendor": "Honeywell",
              "versions": [
                {
                  "lessThanOrEqual": "511.5TCU3",
                  "status": "affected",
                  "version": "510.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.1TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.2TCU2",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion LX",
                "Experion PlantCruise"
              ],
              "product": "Direct Station",
              "vendor": "Honeywell",
              "versions": [
                {
                  "lessThanOrEqual": "511.5TCU3",
                  "status": "affected",
                  "version": "510.5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.1TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.2TCU2",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Experion server may experience a DoS due to a stack overflow when handling a specially crafted message."
                }
              ],
              "value": "Experion server may experience a DoS due to a stack overflow when handling a specially crafted message."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-231",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-231: Oversized Serialized Data Payloads"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-697",
                  "description": "CWE-697: Incorrect Comparison",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-13T10:53:44.794Z",
            "orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
            "shortName": "Honeywell"
          },
          "references": [
            {
              "url": "https://process.honeywell.com"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": " Server bad parsing implementation - stack overflow in server::get_db_path_for_driver",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
        "assignerShortName": "Honeywell",
        "cveId": "CVE-2023-22435",
        "datePublished": "2023-07-13T10:53:44.794Z",
        "dateReserved": "2023-02-28T23:51:16.667Z",
        "dateUpdated": "2025-03-05T18:51:02.643Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5406 (GCVE-0-2023-5406)

    Vulnerability from cvelistv5 – Published: 2024-04-17 16:47 – Updated: 2024-08-02 07:59
    VLAI
    Summary
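    Server communication with a controller can lead to remote code execution using a specially crafted message from the controller. See Honeywell Security Notification for recommendations on upgrading and versioning. Note: the CNA CVSS 3.1 vector in the record below (AV:N/AC:H, C:N/I:N/A:H, base score 5.9) scores availability impact only, which is lower than remote code execution would normally imply; do not rely on the base score alone when prioritising this fix.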
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Honeywell Experion Server Affected: 520.2 , ≤ 520.2 TCU4 (semver)
    Affected: 510.1 , ≤ 510.2 HF13 (semver)
    Affected: 520.1 , ≤ 520.1 TCU4 (semver)
    Affected: 511.1 , ≤ 511.5 TCU4 HF3 (semver)
    Honeywell Experion Server Affected: 520.2 , ≤ 520.2 TCU4 (semver)
    Affected: 511.1 , ≤ 511.5 TCU4 HF3 (semver)
    Affected: 520.1 , ≤ 520.1 TCU4 (semver)
    Honeywell Experion Server Affected: 520.2 , ≤ 520.2 TCU4 (semver)
    Affected: 520.1 , ≤ 520.1 TCU4 (semver)
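    Affected: 520.2 TCU4 HFR2 , ≤ 511.5 TCU4 HF3 (semver) [range as published in the CVE record: the start version is later than the end version; the other two Experion Server entries list this branch as 511.1 through 511.5 TCU4 HF3]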

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5406",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-31T14:00:17.610687Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-31T14:00:27.382Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:59:44.668Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://process.honeywell.com"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion PKS"
              ],
              "product": "Experion Server",
              "vendor": "Honeywell",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "520.2 TCU4 HF1",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "520.2 TCU4",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                },
                {
                  "changes": [
                    {
                      "at": "510.2 HF14",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "510.2 HF13",
                  "status": "affected",
                  "version": "510.1",
                  "versionType": "semver"
                },
                {
                  "changes": [
                    {
                      "at": "520.1 TCU5",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "520.1 TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "changes": [
                    {
                      "at": "511.5 TCU4 HF4",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "511.5 TCU4 HF3",
                  "status": "affected",
                  "version": "511.1",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion LX"
              ],
              "product": "Experion Server",
              "vendor": "Honeywell",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "520.2 TCU4 HF2",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "520.2 TCU4",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                },
                {
                  "changes": [
                    {
                      "at": "511.5 TCU4 HF4",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "511.5 TCU4 HF3",
                  "status": "affected",
                  "version": "511.1",
                  "versionType": "semver"
                },
                {
                  "changes": [
                    {
                      "at": "520.1 TCU5",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "520.1 TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "PlantCruise by Experion"
              ],
              "product": "Experion Server",
              "vendor": "Honeywell",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "520.2 TCU4 HF2",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "520.2 TCU4",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                },
                {
                  "changes": [
                    {
                      "at": "520.1 TCU5",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "520.1 TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "changes": [
                    {
                      "at": "511.5 TCU4 HF4",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "511.5 TCU4 HF3",
                  "status": "affected",
                  "version": "520.2 TCU4 HFR2",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Server communication with a controller can lead to remote code execution using a specially crafted message from the controller.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSee Honeywell Security Notification for recommendations on upgrading and versioning.\u003c/span\u003e"
                }
              ],
              "value": "Server communication with a controller can lead to remote code execution using a specially crafted message from the controller.\u00a0See Honeywell Security Notification for recommendations on upgrading and versioning."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-09T19:39:39.707Z",
            "orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
            "shortName": "Honeywell"
          },
          "references": [
            {
              "url": "https://process.honeywell.com"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
        "assignerShortName": "Honeywell",
        "cveId": "CVE-2023-5406",
        "datePublished": "2024-04-17T16:47:50.336Z",
        "dateReserved": "2023-10-04T17:50:54.642Z",
        "dateUpdated": "2024-08-02T07:59:44.668Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5405 (GCVE-0-2023-5405)

    Vulnerability from cvelistv5 – Published: 2024-04-17 16:46 – Updated: 2025-02-06 16:54
    VLAI
    Summary
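    Server information leak for the CDA Server process memory can occur when an error is generated in response to a specially crafted message. See Honeywell Security Notification for recommendations on upgrading and versioning. Note: the CISA ADP container in the record below marks experion_server 510.1 as unaffected under a wildcard CPE, while the Honeywell CNA data lists 510.1 through 510.2 HF13 as affected; asset matching should follow the CNA ranges rather than the ADP entry alone.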
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Honeywell Experion Server Affected: 520.2 , ≤ 520.2 TCU4 (semver)
    Affected: 510.1 , ≤ 510.2 HF13 (semver)
    Affected: 520.1 , ≤ 520.1 TCU4 (semver)
    Affected: 511.1 , ≤ 511.5 TCU4 HF3 (semver)
    Honeywell Experion Server Affected: 520.2 , ≤ 520.2 TCU4 (semver)
    Affected: 511.1 , ≤ 511.5 TCU4 HF3 (semver)
    Affected: 520.1 , ≤ 520.1 TCU4 (semver)
    Honeywell Experion Server Affected: 520.2 , ≤ 520.2 TCU4 (semver)
    Affected: 520.1 , ≤ 520.1 TCU4 (semver)
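    Affected: 520.2 TCU4 HFR2 , ≤ 511.5 TCU4 HF3 (semver) [range as published in the CVE record: the start version is later than the end version; the other two Experion Server entries list this branch as 511.1 through 511.5 TCU4 HF3]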
    honeywell experion_server Unaffected: 510.1
        cpe:2.3:a:honeywell:experion_server:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:honeywell:experion_server:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "experion_server",
                "vendor": "honeywell",
                "versions": [
                  {
                    "status": "unaffected",
                    "version": "510.1"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.9,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5405",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-23T19:50:22.844378Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-787",
                    "description": "CWE-787",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-06T16:54:27.235Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:59:44.586Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://process.honeywell.com"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion PKS"
              ],
              "product": "Experion Server",
              "vendor": "Honeywell",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "520.2 TCU4 HF1",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "520.2 TCU4",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                },
                {
                  "changes": [
                    {
                      "at": "510.2 HF14",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "510.2 HF13",
                  "status": "affected",
                  "version": "510.1",
                  "versionType": "semver"
                },
                {
                  "changes": [
                    {
                      "at": "520.1 TCU5",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "520.1 TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "changes": [
                    {
                      "at": "511.5 TCU4 HF4",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "511.5 TCU4 HF3",
                  "status": "affected",
                  "version": "511.1",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion LX"
              ],
              "product": "Experion Server",
              "vendor": "Honeywell",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "520.2 TCU4 HF2",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "520.2 TCU4",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                },
                {
                  "changes": [
                    {
                      "at": "511.5 TCU4 HF4",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "511.5 TCU4 HF3",
                  "status": "affected",
                  "version": "511.1",
                  "versionType": "semver"
                },
                {
                  "changes": [
                    {
                      "at": "520.1 TCU5",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "520.1 TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "PlantCruise by Experion"
              ],
              "product": "Experion Server",
              "vendor": "Honeywell",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "520.2 TCU4 HF2",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "520.2 TCU4",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                },
                {
                  "changes": [
                    {
                      "at": "520.1 TCU5",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "520.1 TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "changes": [
                    {
                      "at": "511.5 TCU4 HF4",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "511.5 TCU4 HF3",
                  "status": "affected",
                  "version": "520.2 TCU4 HFR2",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Server information leak for the CDA Server process memory can occur when an error is generated in response to a specially crafted message.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSee Honeywell Security Notification for recommendations on upgrading and versioning.\u003c/span\u003e"
                }
              ],
              "value": "Server information leak for the CDA Server process memory can occur when an error is generated in response to a specially crafted message.\u00a0See Honeywell Security Notification for recommendations on upgrading and versioning."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-09T19:53:16.536Z",
            "orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
            "shortName": "Honeywell"
          },
          "references": [
            {
              "url": "https://process.honeywell.com"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
        "assignerShortName": "Honeywell",
        "cveId": "CVE-2023-5405",
        "datePublished": "2024-04-17T16:46:29.950Z",
        "dateReserved": "2023-10-04T17:50:54.177Z",
        "dateUpdated": "2025-02-06T16:54:27.235Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5404 (GCVE-0-2023-5404)

    Vulnerability from cvelistv5 – Published: 2024-04-17 16:44 – Updated: 2024-08-02 07:59
    VLAI
    Summary
    Server receiving a malformed message can cause a pointer to be overwritten which can result in a remote code execution or failure. See Honeywell Security Notification for recommendations on upgrading and versioning.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Honeywell Experion Server Affected: 520.2 , ≤ 520.2 TCU4 (semver)
    Affected: 510.1 , ≤ 510.2 HF13 (semver)
    Affected: 520.1 , ≤ 520.1 TCU4 (semver)
    Affected: 511.1 , ≤ 511.5 TCU4 HF3 (semver)
    Honeywell Experion Server Affected: 520.2 , ≤ 520.2 TCU4 (semver)
    Affected: 511.1 , ≤ 511.5 TCU4 HF3 (semver)
    Affected: 520.1 , ≤ 520.1 TCU4 (semver)
    Honeywell Experion Server Affected: 520.2 , ≤ 520.2 TCU4 (semver)
    Affected: 520.1 , ≤ 520.1 TCU4 (semver)
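    Affected: 520.2 TCU4 HFR2 , ≤ 511.5 TCU4 HF3 (semver) [as published in the CNA record for PlantCruise by Experion: the range starts at a 520.2 build but ends at a 511.5 build, whereas the other platforms list 511.1 as the start of this range; confirm affected builds against the Honeywell Security Notification]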
    honeywell experion_server Affected: 520.2, 510.1, 520.1, 511.1, 520.2, 511.1
        cpe:2.3:a:honeywell:experion_server:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:honeywell:experion_server:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "experion_server",
                "vendor": "honeywell",
                "versions": [
                  {
                    "status": "affected",
                    "version": "520.2, 510.1, 520.1, 511.1, 520.2, 511.1"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5404",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-09T18:36:32.635602Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:28:37.686Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:59:44.850Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://process.honeywell.com"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion PKS"
              ],
              "product": "Experion Server",
              "vendor": "Honeywell",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "520.2 TCU4 HF1",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "520.2 TCU4",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                },
                {
                  "changes": [
                    {
                      "at": "510.2 HF14",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "510.2 HF13",
                  "status": "affected",
                  "version": "510.1",
                  "versionType": "semver"
                },
                {
                  "changes": [
                    {
                      "at": "520.1 TCU5",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "520.1 TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "changes": [
                    {
                      "at": "511.5 TCU4 HF4",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "511.5 TCU4 HF3",
                  "status": "affected",
                  "version": "511.1",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion LX"
              ],
              "product": "Experion Server",
              "vendor": "Honeywell",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "520.2 TCU4 HF2",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "520.2 TCU4",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                },
                {
                  "changes": [
                    {
                      "at": "511.5 TCU4 HF4",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "511.5 TCU4 HF3",
                  "status": "affected",
                  "version": "511.1",
                  "versionType": "semver"
                },
                {
                  "changes": [
                    {
                      "at": "520.1 TCU5",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "520.1 TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "PlantCruise by Experion"
              ],
              "product": "Experion Server",
              "vendor": "Honeywell",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "520.2 TCU4 HF2",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "520.2 TCU4",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                },
                {
                  "changes": [
                    {
                      "at": "520.1 TCU5",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "520.1 TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "changes": [
                    {
                      "at": "511.5 TCU4 HF4",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "511.5 TCU4 HF3",
                  "status": "affected",
                  "version": "520.2 TCU4 HFR2",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Server receiving a malformed message can cause a pointer to be overwritten which can result in a remote code execution or failure.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSee Honeywell Security Notification for recommendations on upgrading and versioning.\u003c/span\u003e"
                }
              ],
              "value": "Server receiving a malformed message can cause a pointer to be overwritten which can result in a remote code execution or failure.\u00a0See Honeywell Security Notification for recommendations on upgrading and versioning."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-09T19:55:07.106Z",
            "orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
            "shortName": "Honeywell"
          },
          "references": [
            {
              "url": "https://process.honeywell.com"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
        "assignerShortName": "Honeywell",
        "cveId": "CVE-2023-5404",
        "datePublished": "2024-04-17T16:44:37.703Z",
        "dateReserved": "2023-10-04T17:50:53.624Z",
        "dateUpdated": "2024-08-02T07:59:44.850Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5403 (GCVE-0-2023-5403)

    Vulnerability from cvelistv5 – Published: 2024-04-17 16:43 – Updated: 2024-08-29 19:38
    VLAI
    Summary
    Manipulation of the server's hostname-to-IP-address translation could lead to an attacker performing remote code execution or causing a failure. See Honeywell Security Notification for recommendations on upgrading and versioning.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Honeywell Experion Server Affected: 520.2 , ≤ 520.2 TCU4 (semver)
    Affected: 510.1 , ≤ 510.2 HF13 (semver)
    Affected: 520.1 , ≤ 520.1 TCU4 (semver)
    Affected: 511.1 , ≤ 511.5 TCU4 HF3 (semver)
    Honeywell Experion Server Affected: 520.2 , ≤ 520.2 TCU4 (semver)
    Affected: 511.1 , ≤ 511.5 TCU4 HF3 (semver)
    Affected: 520.1 , ≤ 520.1 TCU4 (semver)
    Honeywell Experion Server Affected: 520.2 , ≤ 520.2 TCU4 (semver)
    Affected: 520.1 , ≤ 520.1 TCU4 (semver)
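    Affected: 520.2 TCU4 HFR2 , ≤ 511.5 TCU4 HF3 (semver) [as published in the CNA record for PlantCruise by Experion: the range starts at a 520.2 build but ends at a 511.5 build, whereas the other platforms list 511.1 as the start of this range; confirm affected builds against the Honeywell Security Notification]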
    honeywell experion_server Affected: 511.5tcu4hf3 , ≤ 20.2tcu4hfr2 (semver)
    Affected: 510.1 , ≤ 510.2_hf13 (semver)
    Affected: 520.1 , ≤ 520.1_tcu4 (semver)
    Affected: 511.1 , ≤ 511.5_tcu4_hf3 (semver)
    Affected: 520.2 , ≤ 520.2_tcu4 (semver)
        cpe:2.3:a:honeywell:experion_server:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:59:44.423Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://process.honeywell.com"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:honeywell:experion_server:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "experion_server",
                "vendor": "honeywell",
                "versions": [
                  {
                    "lessThanOrEqual": "20.2tcu4hfr2",
                    "status": "affected",
                    "version": "511.5tcu4hf3",
                    "versionType": "semver"
                  },
                  {
                    "lessThanOrEqual": "510.2_hf13",
                    "status": "affected",
                    "version": "510.1",
                    "versionType": "semver"
                  },
                  {
                    "lessThanOrEqual": "520.1_tcu4",
                    "status": "affected",
                    "version": "520.1",
                    "versionType": "semver"
                  },
                  {
                    "lessThanOrEqual": "511.5_tcu4_hf3",
                    "status": "affected",
                    "version": "511.1",
                    "versionType": "semver"
                  },
                  {
                    "lessThanOrEqual": "520.2_tcu4",
                    "status": "affected",
                    "version": "520.2",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5403",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-07T13:43:42.943158Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-29T19:38:53.821Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion PKS"
              ],
              "product": "Experion Server",
              "vendor": "Honeywell",
              "versions": [
                {
                  "lessThanOrEqual": "520.2 TCU4",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "510.2 HF13",
                  "status": "affected",
                  "version": "510.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.1 TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "511.5 TCU4 HF3",
                  "status": "affected",
                  "version": "511.1",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion LX"
              ],
              "product": "Experion Server",
              "vendor": "Honeywell",
              "versions": [
                {
                  "lessThanOrEqual": "520.2 TCU4",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "511.5 TCU4 HF3",
                  "status": "affected",
                  "version": "511.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.1 TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "PlantCruise by Experion"
              ],
              "product": "Experion Server",
              "vendor": "Honeywell",
              "versions": [
                {
                  "lessThanOrEqual": "520.2 TCU4",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.1 TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "511.5 TCU4 HF3",
                  "status": "affected",
                  "version": "520.2 TCU4 HFR2",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Server hostname translation to IP address manipulation which could lead to an attacker performing remote code execution or causing a failure.\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSee Honeywell Security Notification for recommendations on upgrading and versioning.\u003c/span\u003e\n\n"
                }
              ],
              "value": "Server hostname translation to IP address manipulation which could lead to an attacker performing remote code execution or causing a failure.\n\nSee Honeywell Security Notification for recommendations on upgrading and versioning.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-25T17:00:27.977Z",
            "orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
            "shortName": "Honeywell"
          },
          "references": [
            {
              "url": "https://process.honeywell.com"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
        "assignerShortName": "Honeywell",
        "cveId": "CVE-2023-5403",
        "datePublished": "2024-04-17T16:43:54.036Z",
        "dateReserved": "2023-10-04T17:50:52.659Z",
        "dateUpdated": "2024-08-29T19:38:53.821Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5401 (GCVE-0-2023-5401)

    Vulnerability from cvelistv5 – Published: 2024-04-17 16:42 – Updated: 2024-08-02 07:59
    VLAI
    Summary
    A server receiving a malformed message that uses the specified key values can trigger a stack overflow, which could lead to an attacker performing remote code execution or causing a failure. See Honeywell Security Notification for recommendations on upgrading and versioning.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Honeywell Experion Server Affected: 520.2 , ≤ 520.2 TCU4 (semver)
    Affected: 510.1 , ≤ 510.2 HF13 (semver)
    Affected: 520.1 , ≤ 520.1 TCU4 (semver)
    Affected: 511.1 , ≤ 511.5 TCU4 HF3 (semver)
    Honeywell Experion Server Affected: 520.2 , ≤ 520.2 TCU4 (semver)
    Affected: 511.1 , ≤ 511.5 TCU4 HF3 (semver)
    Affected: 520.1 , ≤ 520.1 TCU4 (semver)
    Honeywell Experion Server Affected: 520.2 , ≤ 520.2 TCU4 (semver)
    Affected: 520.1 , ≤ 520.1 TCU4 (semver)
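    Affected: 520.2 TCU4 HFR2 , ≤ 511.5 TCU4 HF3 (semver) [as published in the record: the range starts at a 520.2 build but ends at a 511.5 build, whereas the other platforms list 511.1 as the start of this range; confirm affected builds against the Honeywell Security Notification]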
    honeywell experion_server Affected: 520.2 , ≤ 520.2 TCU4 (semver)
    Affected: 510.1 , ≤ 510.2 HF13 (semver)
    Affected: 520.1 , ≤ 520.1 TCU4 (semver)
    Affected: 511.1 , ≤ 511.5 TCU4 HF3 (semver)
    Affected: 520.2 TCU4 HFR2 , ≤ 511.5 TCU4 HF3 (semver)
        cpe:2.3:a:honeywell:experion_server:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:honeywell:experion_server:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "experion_server",
                "vendor": "honeywell",
                "versions": [
                  {
                    "lessThanOrEqual": "520.2 TCU4",
                    "status": "affected",
                    "version": "520.2",
                    "versionType": "semver"
                  },
                  {
                    "lessThanOrEqual": "510.2 HF13",
                    "status": "affected",
                    "version": "510.1",
                    "versionType": "semver"
                  },
                  {
                    "lessThanOrEqual": "520.1 TCU4",
                    "status": "affected",
                    "version": "520.1",
                    "versionType": "semver"
                  },
                  {
                    "lessThanOrEqual": "511.5 TCU4 HF3",
                    "status": "affected",
                    "version": "511.1",
                    "versionType": "semver"
                  },
                  {
                    "lessThanOrEqual": "511.5 TCU4 HF3",
                    "status": "affected",
                    "version": "520.2 TCU4 HFR2",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5401",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-31T14:00:59.742038Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-31T15:07:20.656Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:59:44.782Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://process.honeywell.com"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion PKS"
              ],
              "product": "Experion Server",
              "vendor": "Honeywell",
              "versions": [
                {
                  "lessThanOrEqual": "520.2 TCU4",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "510.2 HF13",
                  "status": "affected",
                  "version": "510.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.1 TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "511.5 TCU4 HF3",
                  "status": "affected",
                  "version": "511.1",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion LX"
              ],
              "product": "Experion Server",
              "vendor": "Honeywell",
              "versions": [
                {
                  "lessThanOrEqual": "520.2 TCU4",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "511.5 TCU4 HF3",
                  "status": "affected",
                  "version": "511.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.1 TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "PlantCruise by Experion"
              ],
              "product": "Experion Server",
              "vendor": "Honeywell",
              "versions": [
                {
                  "lessThanOrEqual": "520.2 TCU4",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.1 TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "511.5 TCU4 HF3",
                  "status": "affected",
                  "version": "520.2 TCU4 HFR2",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Server receiving a malformed message based on a using the specified key values can cause a stack overflow vulnerability which could lead to an attacker performing remote code execution or causing a failure.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSee Honeywell Security Notification for recommendations on upgrading and versioning.\u003c/span\u003e\n\n"
                }
              ],
              "value": "Server receiving a malformed message based on a using the specified key values can cause a stack overflow vulnerability which could lead to an attacker performing remote code execution or causing a failure.\u00a0See Honeywell Security Notification for recommendations on upgrading and versioning.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-47",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-47"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-25T16:59:37.083Z",
            "orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
            "shortName": "Honeywell"
          },
          "references": [
            {
              "url": "https://process.honeywell.com"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
        "assignerShortName": "Honeywell",
        "cveId": "CVE-2023-5401",
        "datePublished": "2024-04-17T16:42:00.403Z",
        "dateReserved": "2023-10-04T17:50:52.064Z",
        "dateUpdated": "2024-08-02T07:59:44.782Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5400 (GCVE-0-2023-5400)

    Vulnerability from cvelistv5 – Published: 2024-04-17 16:41 – Updated: 2024-08-02 07:59
    VLAI
    Summary
    A server receiving a malformed message based on the specified key values can suffer a heap overflow, which could allow an attacker to perform remote code execution or cause a failure. See Honeywell Security Notification for recommendations on upgrading and versioning.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Honeywell Experion Server Affected: 520.2 , ≤ 520.2 TCU4 (semver)
    Affected: 510.1 , ≤ 510.2 HF13 (semver)
    Affected: 520.1 , ≤ 520.1 TCU4 (semver)
    Affected: 511.1 , ≤ 511.5 TCU4 HF3 (semver)
    Honeywell Experion Server Affected: 520.2 , ≤ 520.2 TCU4 (semver)
    Affected: 511.1 , ≤ 511.5 TCU4 HF3 (semver)
    Affected: 520.1 , ≤ 520.1 TCU4 (semver)
    Honeywell Experion Server Affected: 520.2 , ≤ 520.2 TCU4 (semver)
    Affected: 520.1 , ≤ 520.1 TCU4 (semver)
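    Affected: 520.2 TCU4 HFR2 , ≤ 511.5 TCU4 HF3 (semver)
    Note: as published, this range's starting version (520.2 TCU4 HFR2) appears to be higher than its upper bound (511.5 TCU4 HF3), and the version strings are not valid semver despite the label, so automated range matching may not handle this entry correctly; confirm affected builds against the Honeywell Security Notification.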
    honeywell experion_server Affected: *
        cpe:2.3:a:honeywell:experion_server:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:honeywell:experion_server:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "experion_server",
                "vendor": "honeywell",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:honeywell:experion_server:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "experion_server",
                "vendor": "honeywell",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:honeywell:experion_server:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "experion_server",
                "vendor": "honeywell",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:honeywell:experion_server:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "experion_server",
                "vendor": "honeywell",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5400",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-25T19:39:14.509795Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:28:46.487Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:59:44.742Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://process.honeywell.com"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion PKS"
              ],
              "product": "Experion Server",
              "vendor": "Honeywell",
              "versions": [
                {
                  "lessThanOrEqual": "520.2 TCU4",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "510.2 HF13",
                  "status": "affected",
                  "version": "510.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.1 TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "511.5 TCU4 HF3",
                  "status": "affected",
                  "version": "511.1",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion LX"
              ],
              "product": "Experion Server",
              "vendor": "Honeywell",
              "versions": [
                {
                  "lessThanOrEqual": "520.2 TCU4",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "511.5 TCU4 HF3",
                  "status": "affected",
                  "version": "511.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.1 TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "PlantCruise by Experion"
              ],
              "product": "Experion Server",
              "vendor": "Honeywell",
              "versions": [
                {
                  "lessThanOrEqual": "520.2 TCU4",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.1 TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "511.5 TCU4 HF3",
                  "status": "affected",
                  "version": "520.2 TCU4 HFR2",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Server receiving a malformed message based on a using the specified key values can cause a heap overflow vulnerability which could lead to an attacker performing remote code execution or causing a failure.\u0026nbsp;\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSee Honeywell Security Notification for recommendations on upgrading and versioning.\u003c/span\u003e\n\n"
                }
              ],
              "value": "Server receiving a malformed message based on a using the specified key values can cause a heap overflow vulnerability which could lead to an attacker performing remote code execution or causing a failure.\u00a0\nSee Honeywell Security Notification for recommendations on upgrading and versioning.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-47",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-47"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-25T16:58:40.848Z",
            "orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
            "shortName": "Honeywell"
          },
          "references": [
            {
              "url": "https://process.honeywell.com"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
        "assignerShortName": "Honeywell",
        "cveId": "CVE-2023-5400",
        "datePublished": "2024-04-17T16:41:10.932Z",
        "dateReserved": "2023-10-04T17:50:51.561Z",
        "dateUpdated": "2024-08-02T07:59:44.742Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5398 (GCVE-0-2023-5398)

    Vulnerability from cvelistv5 – Published: 2024-04-17 16:40 – Updated: 2024-08-02 07:59
    VLAI
    Summary
    A server receiving a malformed message based on a list of IPs can suffer heap corruption, causing a denial of service. See Honeywell Security Notification for recommendations on upgrading and versioning.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Honeywell Experion Server Affected: 520.2 , ≤ 520.2 TCU4 (semver)
    Affected: 510.1 , ≤ 510.2 HF13 (semver)
    Affected: 520.1 , ≤ 520.1 TCU4 (semver)
    Affected: 511.1 , ≤ 511.5 TCU4 HF3 (semver)
    Honeywell Experion Server Affected: 520.2 , ≤ 520.2 TCU4 (semver)
    Affected: 511.1 , ≤ 511.5 TCU4 HF3 (semver)
    Affected: 520.1 , ≤ 520.1 TCU4 (semver)
    Honeywell Experion Server Affected: 520.2 , ≤ 520.2 TCU4 (semver)
    Affected: 520.1 , ≤ 520.1 TCU4 (semver)
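    Affected: 520.2 TCU4 HFR2 , ≤ 511.5 TCU4 HF3 (semver)
    Note: as published, this range's starting version (520.2 TCU4 HFR2) appears to be higher than its upper bound (511.5 TCU4 HF3), and the version strings are not valid semver despite the label, so automated range matching may not handle this entry correctly; confirm affected builds against the Honeywell Security Notification.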
    honeywell experion_server Affected: 520.2 , ≤ 520.2_tcu4 (semver)
        cpe:2.3:a:honeywell:experion_server:520.2:*:*:*:*:*:*:*
    honeywell experion_server Affected: 510.1 , ≤ 510.2_hf13 (semver)
        cpe:2.3:a:honeywell:experion_server:510.1:*:*:*:*:*:*:*
    honeywell experion_server Affected: 520.1 , ≤ 520.1_tcu4 (custom)
        cpe:2.3:a:honeywell:experion_server:520.1:*:*:*:*:*:*:*
    honeywell experion_server Affected: 511.1 , ≤ 511.5_tcu4_hf3 (custom)
        cpe:2.3:a:honeywell:experion_server:511.1:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:honeywell:experion_server:520.2:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "experion_server",
                "vendor": "honeywell",
                "versions": [
                  {
                    "lessThanOrEqual": "520.2_tcu4",
                    "status": "affected",
                    "version": "520.2",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:honeywell:experion_server:510.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "experion_server",
                "vendor": "honeywell",
                "versions": [
                  {
                    "lessThanOrEqual": "510.2_hf13",
                    "status": "affected",
                    "version": "510.1",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:honeywell:experion_server:520.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "experion_server",
                "vendor": "honeywell",
                "versions": [
                  {
                    "lessThanOrEqual": "520.1_tcu4",
                    "status": "affected",
                    "version": "520.1",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:honeywell:experion_server:511.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "experion_server",
                "vendor": "honeywell",
                "versions": [
                  {
                    "lessThanOrEqual": "511.5_tcu4_hf3",
                    "status": "affected",
                    "version": "511.1",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5398",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-19T13:03:36.390624Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-08T19:39:56.991Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:59:44.650Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://process.honeywell.com"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion PKS"
              ],
              "product": "Experion Server",
              "vendor": "Honeywell",
              "versions": [
                {
                  "lessThanOrEqual": "520.2 TCU4",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "510.2 HF13",
                  "status": "affected",
                  "version": "510.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.1 TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "511.5 TCU4 HF3",
                  "status": "affected",
                  "version": "511.1",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion LX"
              ],
              "product": "Experion Server",
              "vendor": "Honeywell",
              "versions": [
                {
                  "lessThanOrEqual": "520.2 TCU4",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "511.5 TCU4 HF3",
                  "status": "affected",
                  "version": "511.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.1 TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "PlantCruise by Experion"
              ],
              "product": "Experion Server",
              "vendor": "Honeywell",
              "versions": [
                {
                  "lessThanOrEqual": "520.2 TCU4",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.1 TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "511.5 TCU4 HF3",
                  "status": "affected",
                  "version": "520.2 TCU4 HFR2",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Server receiving a malformed message based on a list of IPs resulting in heap corruption causing a denial of service.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSee Honeywell Security Notification for recommendations on upgrading and versioning.\u003c/span\u003e\n\n"
                }
              ],
              "value": "Server receiving a malformed message based on a list of IPs resulting in heap corruption causing a denial of service.\u00a0See Honeywell Security Notification for recommendations on upgrading and versioning.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-1",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-1"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1327",
                  "description": "CWE-1327",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-25T16:58:13.998Z",
            "orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
            "shortName": "Honeywell"
          },
          "references": [
            {
              "url": "https://process.honeywell.com"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
        "assignerShortName": "Honeywell",
        "cveId": "CVE-2023-5398",
        "datePublished": "2024-04-17T16:40:10.248Z",
        "dateReserved": "2023-10-04T17:50:51.025Z",
        "dateUpdated": "2024-08-02T07:59:44.650Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5397 (GCVE-0-2023-5397)

    Vulnerability from cvelistv5 – Published: 2024-04-17 16:38 – Updated: 2024-08-08 15:58
    VLAI
    Summary
    Server receiving a malformed message to create a new connection could lead to an attacker performing remote code execution or causing a failure. See Honeywell Security Notification for recommendations on upgrading and versioning.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Honeywell Experion Server Affected: 520.2 , ≤ 520.2 TCU4 (semver)
    Affected: 510.1 , ≤ 510.2 HF13 (semver)
    Affected: 520.1 , ≤ 520.1 TCU4 (semver)
    Affected: 511.1 , ≤ 511.5 TCU4 HF3 (semver)
    Honeywell Experion Server Affected: 520.2 , ≤ 520.2 TCU4 (semver)
    Affected: 511.1 , ≤ 511.5 TCU4 HF3 (semver)
    Affected: 520.1 , ≤ 520.1 TCU4 (semver)
    Honeywell Experion Server Affected: 520.2 , ≤ 520.2 TCU4 (semver)
    Affected: 520.1 , ≤ 520.1 TCU4 (semver)
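    Affected: 520.2 TCU4 HFR2 , ≤ 511.5 TCU4 HF3 (semver)
    Note: as published, this range's starting version (520.2 TCU4 HFR2) appears to be higher than its upper bound (511.5 TCU4 HF3), and the version strings are not valid semver despite the label, so automated range matching may not handle this entry correctly; confirm affected builds against the Honeywell Security Notification.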
    honeywell experion_server Affected: 520.2 , ≤ 520.2_tcu4 (custom)
    Affected: 510.1 , ≤ 510.2_hf13 (custom)
    Affected: 520.1 , ≤ 520.1_tcu4 (custom)
    Affected: 511.1 , ≤ 511.5_tcu4_hf3 (custom)
    Affected: 520.2_tcu4_hfr2 , ≤ 511.5_tcu4_hf3 (custom)
        cpe:2.3:a:honeywell:experion_server:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:59:44.325Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://process.honeywell.com"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:honeywell:experion_server:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "experion_server",
                "vendor": "honeywell",
                "versions": [
                  {
                    "lessThanOrEqual": "520.2_tcu4",
                    "status": "affected",
                    "version": "520.2",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "510.2_hf13",
                    "status": "affected",
                    "version": "510.1",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "520.1_tcu4",
                    "status": "affected",
                    "version": "520.1",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "511.5_tcu4_hf3",
                    "status": "affected",
                    "version": "511.1",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "511.5_tcu4_hf3",
                    "status": "affected",
                    "version": "520.2_tcu4_hfr2",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "descriptions": [
              {
                "lang": "en",
                "value": "Server receiving a malformed message to create a new connection could lead to an attacker performing remote code execution or causing a failure.\u00a0See Honeywell Security Notification for recommendations on upgrading and versioning."
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.1,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                },
                "format": "CVSS",
                "scenarios": [
                  {
                    "lang": "en",
                    "value": "GENERAL"
                  }
                ]
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5397",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-08T15:49:52.243408Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-20",
                    "description": "CWE-20",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-08T15:58:57.657Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "url": "https://process.honeywell.com"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion PKS"
              ],
              "product": "Experion Server",
              "vendor": "Honeywell",
              "versions": [
                {
                  "lessThanOrEqual": "520.2 TCU4",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "510.2 HF13",
                  "status": "affected",
                  "version": "510.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.1 TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "511.5 TCU4 HF3",
                  "status": "affected",
                  "version": "511.1",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion LX"
              ],
              "product": "Experion Server",
              "vendor": "Honeywell",
              "versions": [
                {
                  "lessThanOrEqual": "520.2 TCU4",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "511.5 TCU4 HF3",
                  "status": "affected",
                  "version": "511.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.1 TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "PlantCruise by Experion"
              ],
              "product": "Experion Server",
              "vendor": "Honeywell",
              "versions": [
                {
                  "lessThanOrEqual": "520.2 TCU4",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.1 TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "511.5 TCU4 HF3",
                  "status": "affected",
                  "version": "520.2 TCU4 HFR2",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Server receiving a malformed message to create a new connection could lead to an attacker performing remote code execution or causing a failure.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSee Honeywell Security Notification for recommendations on upgrading and versioning.\u003c/span\u003e\n\n"
                }
              ],
              "value": "Server receiving a malformed message to create a new connection could lead to an attacker performing remote code execution or causing a failure.\u00a0See Honeywell Security Notification for recommendations on upgrading and versioning.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-153",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-153"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-25T16:57:19.348Z",
            "orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
            "shortName": "Honeywell"
          },
          "references": [
            {
              "url": "https://process.honeywell.com"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
        "assignerShortName": "Honeywell",
        "cveId": "CVE-2023-5397",
        "datePublished": "2024-04-17T16:38:21.534Z",
        "dateReserved": "2023-10-04T17:50:50.454Z",
        "dateUpdated": "2024-08-08T15:58:57.657Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5396 (GCVE-0-2023-5396)

    Vulnerability from cvelistv5 – Published: 2024-04-17 16:37 – Updated: 2024-08-02 07:59
    VLAI
    Summary
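    Server receiving a malformed message creates connection for a hostname that may cause a stack overflow resulting in possible remote code execution. See Honeywell Security Notification for recommendations on upgrading and versioning. [Note: the CNA's CVSS 3.1 vector in this record sets confidentiality impact to NONE (base score 7.4) although the description states possible remote code execution; weigh the description as well as the score when prioritising remediation.]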
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Honeywell Experion Server Affected: 520.2 , ≤ 520.2 TCU4 (semver)
    Affected: 510.1 , ≤ 510.2 HF13 (semver)
    Affected: 520.1 , ≤ 520.1 TCU4 (semver)
    Affected: 511.1 , ≤ 511.5 TCU4 HF3 (semver)
    Honeywell Experion Server Affected: 520.2 , ≤ 520.2 TCU4 (semver)
    Affected: 511.1 , ≤ 511.5 TCU4 HF3 (semver)
    Affected: 520.1 , ≤ 520.1 TCU4 (semver)
    Honeywell Experion Server Affected: 520.2 , ≤ 520.2 TCU4 (semver)
    Affected: 520.1 , ≤ 520.1 TCU4 (semver)
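    Affected: 520.2 TCU4 HFR2 , ≤ 511.5 TCU4 HF3 (semver) [as published by the CNA: the start version sorts above the upper bound, and the version strings are not valid semver, so automated range matching may not match this entry; confirm the affected releases against the Honeywell Security Notification]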

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5396",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-25T16:06:28.333552Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-24T18:06:59.537Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:59:44.711Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://process.honeywell.com"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion PKS"
              ],
              "product": "Experion Server",
              "vendor": "Honeywell",
              "versions": [
                {
                  "lessThanOrEqual": "520.2 TCU4",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "510.2 HF13",
                  "status": "affected",
                  "version": "510.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.1 TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "511.5 TCU4 HF3",
                  "status": "affected",
                  "version": "511.1",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion LX"
              ],
              "product": "Experion Server",
              "vendor": "Honeywell",
              "versions": [
                {
                  "lessThanOrEqual": "520.2 TCU4",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "511.5 TCU4 HF3",
                  "status": "affected",
                  "version": "511.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.1 TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "PlantCruise by Experion"
              ],
              "product": "Experion Server",
              "vendor": "Honeywell",
              "versions": [
                {
                  "lessThanOrEqual": "520.2 TCU4",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.1 TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "511.5 TCU4 HF3",
                  "status": "affected",
                  "version": "520.2 TCU4 HFR2",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Server receiving a malformed message creates connection for a hostname that may cause a stack overflow resulting in possible remote code execution.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSee Honeywell Security Notification for recommendations on upgrading and versioning.\u003c/span\u003e\n\n"
                }
              ],
              "value": "Server receiving a malformed message creates connection for a hostname that may cause a stack overflow resulting in possible remote code execution.\u00a0See Honeywell Security Notification for recommendations on upgrading and versioning.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-256",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-256"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-805",
                  "description": "CWE-805",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-25T16:49:53.901Z",
            "orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
            "shortName": "Honeywell"
          },
          "references": [
            {
              "url": "https://process.honeywell.com"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
        "assignerShortName": "Honeywell",
        "cveId": "CVE-2023-5396",
        "datePublished": "2024-04-17T16:37:41.106Z",
        "dateReserved": "2023-10-04T17:50:48.303Z",
        "dateUpdated": "2024-08-02T07:59:44.711Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5395 (GCVE-0-2023-5395)

    Vulnerability from cvelistv5 – Published: 2024-04-17 16:37 – Updated: 2024-08-02 07:59
    VLAI
    Summary
    Server receiving a malformed message that uses the hostname in an internal table may cause a stack overflow resulting in possible remote code execution. See Honeywell Security Notification for recommendations on upgrading and versioning.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Honeywell Experion Server Affected: 520.2 , ≤ 520.2 TCU4 (semver)
    Affected: 510.1 , ≤ 510.2 HF13 (semver)
    Affected: 520.1 , ≤ 520.1 TCU4 (semver)
    Affected: 511.1 , ≤ 511.5 TCU4 HF3 (semver)
    Honeywell Experion Server Affected: 520.2 , ≤ 520.2 TCU4 (semver)
    Affected: 511.1 , ≤ 511.5 TCU4 HF3 (semver)
    Affected: 520.1 , ≤ 520.1 TCU4 (semver)
    Honeywell Experion Server Affected: 520.2 , ≤ 520.2 TCU4 (semver)
    Affected: 520.1 , ≤ 520.1 TCU4 (semver)
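    Affected: 520.2 TCU4 HFR2 , ≤ 511.5 TCU4 HF3 (semver) [as published by the CNA: the start version sorts above the upper bound, and the version strings are not valid semver, so automated range matching may not match this entry; confirm the affected and fixed releases against the Honeywell Security Notification]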
    honeywell experion_server Affected: 520.2 , ≤ 520.2_tcu4 (semver)
        cpe:2.3:a:honeywell:experion_server:520.2:*:*:*:*:*:*:*
    honeywell experion_server Affected: 510.1 , ≤ 510.2_hf13 (semver)
        cpe:2.3:a:honeywell:experion_server:510.1:*:*:*:*:*:*:*
    honeywell experion_server Affected: 520.1 , ≤ 520.1_tcu4 (custom)
        cpe:2.3:a:honeywell:experion_server:520.1:*:*:*:*:*:*:*
    honeywell experion_server Affected: 511.1 , ≤ 511.5_tcu4_hf3 (custom)
        cpe:2.3:a:honeywell:experion_server:511.1:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:honeywell:experion_server:520.2:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "experion_server",
                "vendor": "honeywell",
                "versions": [
                  {
                    "lessThanOrEqual": "520.2_tcu4",
                    "status": "affected",
                    "version": "520.2",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:honeywell:experion_server:510.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "experion_server",
                "vendor": "honeywell",
                "versions": [
                  {
                    "lessThanOrEqual": "510.2_hf13",
                    "status": "affected",
                    "version": "510.1",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:honeywell:experion_server:520.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "experion_server",
                "vendor": "honeywell",
                "versions": [
                  {
                    "lessThanOrEqual": "520.1_tcu4",
                    "status": "affected",
                    "version": "520.1",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:honeywell:experion_server:511.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "experion_server",
                "vendor": "honeywell",
                "versions": [
                  {
                    "lessThanOrEqual": "511.5_tcu4_hf3",
                    "status": "affected",
                    "version": "511.1",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5395",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-23T18:42:52.918169Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-08T18:58:46.645Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:59:44.353Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://process.honeywell.com"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion PKS"
              ],
              "product": "Experion Server",
              "vendor": "Honeywell",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "520.2 TCU4 HF1",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "520.2 TCU4",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                },
                {
                  "changes": [
                    {
                      "at": "510.2 HF14",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "510.2 HF13",
                  "status": "affected",
                  "version": "510.1",
                  "versionType": "semver"
                },
                {
                  "changes": [
                    {
                      "at": "520.1 TCU5",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "520.1 TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "changes": [
                    {
                      "at": "511.5 TCU4 HF4",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "511.5 TCU4 HF3",
                  "status": "affected",
                  "version": "511.1",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion LX"
              ],
              "product": "Experion Server",
              "vendor": "Honeywell",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "520.2 TCU4 HF2",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "520.2 TCU4",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                },
                {
                  "changes": [
                    {
                      "at": "511.5 TCU4 HF4",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "511.5 TCU4 HF3",
                  "status": "affected",
                  "version": "511.1",
                  "versionType": "semver"
                },
                {
                  "changes": [
                    {
                      "at": "520.1 TCU5",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "520.1 TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "PlantCruise by Experion"
              ],
              "product": "Experion Server",
              "vendor": "Honeywell",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "520.2 TCU4 HF2",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "520.2 TCU4",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                },
                {
                  "changes": [
                    {
                      "at": "520.1 TCU5",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "520.1 TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "changes": [
                    {
                      "at": "511.5 TCU4 HF4",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "511.5 TCU4 HF3",
                  "status": "affected",
                  "version": "520.2 TCU4 HFR2",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Server receiving a malformed message that uses the hostname in an internal table may cause a stack overflow resulting in possible remote code execution.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSee Honeywell Security Notification for recommendations on upgrading and versioning.\u003c/span\u003e\n\n"
                }
              ],
              "value": "Server receiving a malformed message that uses the hostname in an internal table may cause a stack overflow resulting in possible remote code execution.\u00a0See Honeywell Security Notification for recommendations on upgrading and versioning.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-25T16:56:40.621Z",
            "orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
            "shortName": "Honeywell"
          },
          "references": [
            {
              "url": "https://process.honeywell.com"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
        "assignerShortName": "Honeywell",
        "cveId": "CVE-2023-5395",
        "datePublished": "2024-04-17T16:37:00.868Z",
        "dateReserved": "2023-10-04T17:50:47.748Z",
        "dateUpdated": "2024-08-02T07:59:44.353Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5394 (GCVE-0-2023-5394)

    Vulnerability from cvelistv5 – Published: 2024-04-11 19:21 – Updated: 2024-08-09 20:13
    Summary
    A server receiving a malformed message in which the GCL message hostname is too large may suffer a stack overflow, resulting in possible remote code execution. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Honeywell Experion Server Affected: 520.2 , ≤ 520.2 TCU4 (semver)
    Affected: 510.1 , ≤ 510.2 HF13 (semver)
    Affected: 520.1 , ≤ 520.1 TCU4 (semver)
    Affected: 511.1 , ≤ 511.5 TCU4 HF3 (semver)
    Honeywell Experion Server Affected: 520.2 , ≤ 520.2 TCU4 (semver)
    Affected: 511.1 , ≤ 511.5 TCU4 HF3 (semver)
    Affected: 520.1 , ≤ 520.1 TCU4 (semver)
    Honeywell Experion Server Affected: 520.2 , ≤ 520.2 TCU4 (semver)
    Affected: 520.1 , ≤ 520.1 TCU4 (semver)
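    Affected: 520.2 TCU4 HFR2 , ≤ 511.5 TCU4 HF3 (semver) (range shown as published in the CVE record; the start version appears to be higher than the upper bound, so confirm the affected releases against the Honeywell Security Notification)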
    honeywell experion_process_knowledge_system Affected: 520.2 , ≤ 520.2 TCU4 (semver)
    Affected: 510.1 , ≤ 510.2 HF13 (semver)
    Affected: 520.1 , ≤ 520.1 TCU4 (semver)
    Affected: 511.1 , ≤ 511.5 TCU4 HF3 (semver)
        cpe:2.3:a:honeywell:experion_process_knowledge_system:*:*:*:*:*:*:*:*
    honeywell experion_lx Affected: 520.2 , ≤ 520.2 TCU4 (semver)
    Affected: 511.1 , ≤ 511.5 TCU4 HF3 (semver)
    Affected: 520.1 , ≤ 520.1 TCU4 (semver)
        cpe:2.3:h:honeywell:experion_lx:*:*:*:*:*:*:*:*
    honeywell plantcruise Affected: 520.2 , ≤ 520.2 TCU4 (semver)
    Affected: 520.1 , ≤ 520.1 TCU4 (semver)
    Affected: 520.2 TCU4 HFR2 , ≤ 511.5 TCU4 HF3 (semver)
        cpe:2.3:a:honeywell:plantcruise:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:59:44.970Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://process.honeywell.com"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:honeywell:experion_process_knowledge_system:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "experion_process_knowledge_system",
                "vendor": "honeywell",
                "versions": [
                  {
                    "lessThanOrEqual": "520.2 TCU4",
                    "status": "affected",
                    "version": "520.2",
                    "versionType": "semver"
                  },
                  {
                    "lessThanOrEqual": "510.2 HF13",
                    "status": "affected",
                    "version": "510.1",
                    "versionType": "semver"
                  },
                  {
                    "lessThanOrEqual": "520.1 TCU4",
                    "status": "affected",
                    "version": "520.1",
                    "versionType": "semver"
                  },
                  {
                    "lessThanOrEqual": "511.5 TCU4 HF3",
                    "status": "affected",
                    "version": "511.1",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:honeywell:experion_lx:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "experion_lx",
                "vendor": "honeywell",
                "versions": [
                  {
                    "lessThanOrEqual": "520.2 TCU4",
                    "status": "affected",
                    "version": "520.2",
                    "versionType": "semver"
                  },
                  {
                    "lessThanOrEqual": "511.5 TCU4 HF3",
                    "status": "affected",
                    "version": "511.1",
                    "versionType": "semver"
                  },
                  {
                    "lessThanOrEqual": "520.1 TCU4",
                    "status": "affected",
                    "version": "520.1",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:honeywell:plantcruise:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "plantcruise",
                "vendor": "honeywell",
                "versions": [
                  {
                    "lessThanOrEqual": "520.2 TCU4",
                    "status": "affected",
                    "version": "520.2",
                    "versionType": "semver"
                  },
                  {
                    "lessThanOrEqual": "520.1 TCU4",
                    "status": "affected",
                    "version": "520.1",
                    "versionType": "semver"
                  },
                  {
                    "lessThanOrEqual": "511.5 TCU4 HF3",
                    "status": "affected",
                    "version": "520.2 TCU4 HFR2",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5394",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-09T20:06:35.980311Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-09T20:13:47.066Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion PKS"
              ],
              "product": "Experion Server",
              "vendor": "Honeywell",
              "versions": [
                {
                  "lessThanOrEqual": "520.2 TCU4",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "510.2 HF13",
                  "status": "affected",
                  "version": "510.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.1 TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "511.5 TCU4 HF3",
                  "status": "affected",
                  "version": "511.1",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion LX"
              ],
              "product": "Experion Server",
              "vendor": "Honeywell",
              "versions": [
                {
                  "lessThanOrEqual": "520.2 TCU4",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "511.5 TCU4 HF3",
                  "status": "affected",
                  "version": "511.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.1 TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "PlantCruise by Experion"
              ],
              "product": "Experion Server",
              "vendor": "Honeywell",
              "versions": [
                {
                  "lessThanOrEqual": "520.2 TCU4",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.1 TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "511.5 TCU4 HF3",
                  "status": "affected",
                  "version": "520.2 TCU4 HFR2",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Server receiving a malformed message that where the GCL message hostname may be too large which may cause a stack overflow; resulting in possible remote code execution.\u0026nbsp;Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning. \n\n"
                }
              ],
              "value": "Server receiving a malformed message that where the GCL message hostname may be too large which may cause a stack overflow; resulting in possible remote code execution.\u00a0Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning. \n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-123",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-123"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "CWE-119",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-25T16:56:10.283Z",
            "orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
            "shortName": "Honeywell"
          },
          "references": [
            {
              "url": "https://process.honeywell.com"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
        "assignerShortName": "Honeywell",
        "cveId": "CVE-2023-5394",
        "datePublished": "2024-04-11T19:21:52.796Z",
        "dateReserved": "2023-10-04T17:50:47.250Z",
        "dateUpdated": "2024-08-09T20:13:47.066Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5393 (GCVE-0-2023-5393)

    Vulnerability from cvelistv5 – Published: 2024-04-11 19:20 – Updated: 2024-08-02 07:59
    Summary
    A malformed message received by the server that causes a disconnect to a hostname may cause a stack overflow, resulting in possible remote code execution. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
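    Honeywell Experion Server Unaffected: 520.2 , < 520.2 TCU4 (semver) (status and operator shown as published; they differ from the "Affected, ≤" entries listed for the other platforms in this record, so confirm against the Honeywell Security Notification)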
    Unaffected: 510.1 , < 510.2 HF13 (semver)
    Unaffected: 520.1 , < 520.1 TCU4 (semver)
    Unaffected: 511.1 , < 511.5 TCU4 HF3 (semver)
    Honeywell Experion Server Affected: 520.2 , ≤ 520.2 TCU4 (semver)
    Affected: 511.1 , ≤ 511.5 TCU4 HF3 (semver)
    Affected: 520.1 , ≤ 520.1 TCU4 (semver)
    Honeywell Experion Server Affected: 520.2 , ≤ 520.2 TCU4 (semver)
    Affected: 520.1 , ≤ 520.1 TCU4 (semver)
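    Affected: 520.2 TCU4 HFR2 , ≤ 511.5 TCU4 HF3 (semver) (range shown as published in the CVE record; the start version appears to be higher than the upper bound, so confirm the affected releases against the Honeywell Security Notification)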

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5393",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-15T18:37:37.313463Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:28:36.427Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:59:44.301Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://process.honeywell.com"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion PKS"
              ],
              "product": "Experion Server",
              "vendor": "Honeywell",
              "versions": [
                {
                  "lessThan": "520.2 TCU4",
                  "status": "unaffected",
                  "version": "520.2",
                  "versionType": "semver"
                },
                {
                  "lessThan": "510.2 HF13",
                  "status": "unaffected",
                  "version": "510.1",
                  "versionType": "semver"
                },
                {
                  "lessThan": "520.1 TCU4",
                  "status": "unaffected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "lessThan": "511.5 TCU4 HF3",
                  "status": "unaffected",
                  "version": "511.1",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion LX"
              ],
              "product": "Experion Server",
              "vendor": "Honeywell",
              "versions": [
                {
                  "lessThanOrEqual": "520.2 TCU4",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "511.5 TCU4 HF3",
                  "status": "affected",
                  "version": "511.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.1 TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "PlantCruise by Experion"
              ],
              "product": "Experion Server",
              "vendor": "Honeywell",
              "versions": [
                {
                  "lessThanOrEqual": "520.2 TCU4",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.1 TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "511.5 TCU4 HF3",
                  "status": "affected",
                  "version": "520.2 TCU4 HFR2",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Server receiving a malformed message that causes a disconnect to a hostname may causing a stack overflow resulting in possible remote code execution. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning.\u003cbr\u003e\u003cbr\u003e \n\n\u003cbr\u003e"
                }
              ],
              "value": "Server receiving a malformed message that causes a disconnect to a hostname may causing a stack overflow resulting in possible remote code execution. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning.\n\n \n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-47",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-47"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-130",
                  "description": "CWE-130",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-25T16:55:04.443Z",
            "orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
            "shortName": "Honeywell"
          },
          "references": [
            {
              "url": "https://process.honeywell.com"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
        "assignerShortName": "Honeywell",
        "cveId": "CVE-2023-5393",
        "datePublished": "2024-04-11T19:20:20.553Z",
        "dateReserved": "2023-10-04T17:50:46.496Z",
        "dateUpdated": "2024-08-02T07:59:44.301Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }