Search

Find a vulnerability

Search criteria

    14 vulnerabilities found for c300_firmware by honeywell

    CVE-2023-26597 (GCVE-0-2023-26597)

    Vulnerability from nvd – Published: 2023-07-13 11:04 – Updated: 2025-03-05 18:50
    VLAI
    Title
    Controller DOS on sending error response
    Summary
    Controller DoS due to buffer overflow in the handling of a specially crafted message received by the controller. See Honeywell Security Notification for recommendations on upgrading and versioning. See Honeywell Security Notification for recommendations on upgrading and versioning.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    References
    Impacted products
    Vendor Product Version
    Honeywell C300 Affected: 501.1 , ≤ 501.6HF8 (semver)
    Affected: 510.1 , ≤ 510.2HF12 (semver)
    Affected: 511.1 , ≤ 511.5TCU3 (semver)
    Affected: 520.1 , ≤ 520.1TCU4 (semver)
    Affected: 520.2 , ≤ 520.2TCU2 (semver)
    Create a notification for this product.
    Honeywell C300 Affected: 510.1 , ≤ 511.5TCU3 (semver)
    Affected: 520.1 , ≤ 520.1TCU4 (semver)
    Affected: 520.2 , ≤ 520.2TCU2 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T11:53:53.803Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://process.honeywell.com"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-26597",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-05T18:38:43.280343Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-05T18:50:22.725Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion PKS"
              ],
              "product": "C300",
              "vendor": "Honeywell",
              "versions": [
                {
                  "lessThanOrEqual": "501.6HF8",
                  "status": "affected",
                  "version": "501.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "510.2HF12",
                  "status": "affected",
                  "version": "510.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "511.5TCU3",
                  "status": "affected",
                  "version": "511.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.1TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.2TCU2",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion LX",
                "Experion PlantCruise"
              ],
              "product": "C300",
              "vendor": "Honeywell",
              "versions": [
                {
                  "lessThanOrEqual": "511.5TCU3",
                  "status": "affected",
                  "version": "510.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.1TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.2TCU2",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Controller DoS due to buffer overflow in the handling of a specially crafted message received by the controller.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSee Honeywell Security Notification for recommendations on upgrading and versioning.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSee Honeywell Security Notification for recommendations on upgrading and versioning. \u003c/span\u003e\n\n\u003c/span\u003e"
                }
              ],
              "value": "Controller DoS due to buffer overflow in the handling of a specially crafted message received by the controller.\u00a0See Honeywell Security Notification for recommendations on upgrading and versioning.\u00a0See Honeywell Security Notification for recommendations on upgrading and versioning. \n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-469",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-469 HTTP DoS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400 Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-22T16:01:10.959Z",
            "orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
            "shortName": "Honeywell"
          },
          "references": [
            {
              "url": "https://process.honeywell.com"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Controller DOS on sending error response",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
        "assignerShortName": "Honeywell",
        "cveId": "CVE-2023-26597",
        "datePublished": "2023-07-13T11:04:55.153Z",
        "dateReserved": "2023-02-28T23:51:16.647Z",
        "dateUpdated": "2025-03-05T18:50:22.725Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-25770 (GCVE-0-2023-25770)

    Vulnerability from nvd – Published: 2023-07-13 10:59 – Updated: 2024-08-02 11:32
    VLAI
    Title
    Controller stack overflow on decoding messages from the server
    Summary
    Controller DoS may occur due to buffer overflow when an error is generated in response to a specially crafted message. See Honeywell Security Notification for recommendations on upgrading and versioning.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    References
    Impacted products
    Vendor Product Version
    Honeywell C300 Affected: 501.1 , ≤ 501.6HF8 (semver)
    Affected: 510.1 , ≤ 510.2HF12 (semver)
    Affected: 511.1 , ≤ 511.5TCU3 (semver)
    Affected: 520.1 , ≤ 520.1TCU4 (semver)
    Affected: 520.2 , ≤ 520.2TCU2 (semver)
    Create a notification for this product.
    Honeywell C300 Affected: 510.1 , ≤ 511.5TCU3 (semver)
    Affected: 520.1 , ≤ 520.1TCU4 (semver)
    Affected: 520.2 , ≤ 520.2TCU2 (semver)
    Create a notification for this product.
    honeywell c300 Affected: 501.1 , ≤ 501.6hf8 (semver)
        cpe:2.3:h:honeywell:c300:501.1:*:*:*:*:*:*:*
    Create a notification for this product.
    honeywell c300 Affected: 510.1 , ≤ 510.2hf12 (semver)
        cpe:2.3:h:honeywell:c300:510.1:*:*:*:*:*:*:*
    Create a notification for this product.
    honeywell c300 Affected: 511.1 , ≤ 511.5tcu3 (semver)
        cpe:2.3:h:honeywell:c300:511.1:*:*:*:*:*:*:*
    Create a notification for this product.
    honeywell c300 Affected: 520.1 , ≤ 520.1tcu4 (semver)
        cpe:2.3:h:honeywell:c300:520.1:*:*:*:*:*:*:*
    Create a notification for this product.
    honeywell c300 Affected: 520.2 , ≤ 520.2tcu2 (semver)
        cpe:2.3:h:honeywell:c300:520.2:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:honeywell:c300:501.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "c300",
                "vendor": "honeywell",
                "versions": [
                  {
                    "lessThanOrEqual": "501.6hf8",
                    "status": "affected",
                    "version": "501.1",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:honeywell:c300:510.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "c300",
                "vendor": "honeywell",
                "versions": [
                  {
                    "lessThanOrEqual": "510.2hf12",
                    "status": "affected",
                    "version": "510.1",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:honeywell:c300:511.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "c300",
                "vendor": "honeywell",
                "versions": [
                  {
                    "lessThanOrEqual": "511.5tcu3",
                    "status": "affected",
                    "version": "511.1",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:honeywell:c300:520.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "c300",
                "vendor": "honeywell",
                "versions": [
                  {
                    "lessThanOrEqual": "520.1tcu4",
                    "status": "affected",
                    "version": "520.1",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:honeywell:c300:520.2:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "c300",
                "vendor": "honeywell",
                "versions": [
                  {
                    "lessThanOrEqual": "520.2tcu2",
                    "status": "affected",
                    "version": "520.2",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-25770",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-22T18:26:04.535864Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-08T19:15:35.980Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T11:32:12.419Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://process.honeywell.com"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion PKS"
              ],
              "product": "C300",
              "vendor": "Honeywell",
              "versions": [
                {
                  "lessThanOrEqual": "501.6HF8",
                  "status": "affected",
                  "version": "501.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "510.2HF12",
                  "status": "affected",
                  "version": "510.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "511.5TCU3",
                  "status": "affected",
                  "version": "511.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.1TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.2TCU2",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion LX",
                "Experion PlantCruise"
              ],
              "product": "C300",
              "vendor": "Honeywell",
              "versions": [
                {
                  "lessThanOrEqual": "511.5TCU3",
                  "status": "affected",
                  "version": "510.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.1TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.2TCU2",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Controller DoS may occur due to buffer overflow when an error is generated in response to a specially crafted message.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSee Honeywell Security Notification for recommendations on upgrading and versioning. \u003c/span\u003e\n\n"
                }
              ],
              "value": "Controller DoS may occur due to buffer overflow when an error is generated in response to a specially crafted message.\u00a0See Honeywell Security Notification for recommendations on upgrading and versioning. \n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-221",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-221 XML External Entities Blowup"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-22T16:03:06.413Z",
            "orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
            "shortName": "Honeywell"
          },
          "references": [
            {
              "url": "https://process.honeywell.com"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Controller stack overflow on decoding messages from the server",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
        "assignerShortName": "Honeywell",
        "cveId": "CVE-2023-25770",
        "datePublished": "2023-07-13T10:59:58.825Z",
        "dateReserved": "2023-02-28T23:51:16.657Z",
        "dateUpdated": "2024-08-02T11:32:12.419Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-25178 (GCVE-0-2023-25178)

    Vulnerability from nvd – Published: 2023-07-13 10:59 – Updated: 2025-03-05 18:50
    VLAI
    Title
    Controller design flaw - unsigned firmware
    Summary
    Controller may be loaded with malicious firmware which could enable remote code execution. See Honeywell Security Notification for recommendations on upgrading and versioning.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-345 - Insufficient Verification of Data Authenticity
    Assigner
    References
    Impacted products
    Vendor Product Version
    Honeywell C300 Affected: 501.1 , ≤ 501.6HF8 (semver)
    Affected: 510.1 , ≤ 510.2HF12 (semver)
    Affected: 511.1 , ≤ 511.5TCU3 (semver)
    Affected: 520.1 , ≤ 520.1TCU4 (semver)
    Affected: 520.2 , ≤ 520.2TCU2 (semver)
    Create a notification for this product.
    Honeywell C300 Affected: 510.1 , ≤ 511.5TCU3 (semver)
    Affected: 520.1 , ≤ 520.1TCU4 (semver)
    Affected: 520.2 , ≤ 520.2TCU2 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T11:18:35.746Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://process.honeywell.com"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-25178",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-05T18:39:56.713815Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-05T18:50:28.752Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion PKS"
              ],
              "product": "C300",
              "vendor": "Honeywell",
              "versions": [
                {
                  "lessThanOrEqual": "501.6HF8",
                  "status": "affected",
                  "version": "501.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "510.2HF12",
                  "status": "affected",
                  "version": "510.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "511.5TCU3",
                  "status": "affected",
                  "version": "511.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.1TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.2TCU2",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion LX",
                "Experion PlantCruise"
              ],
              "product": "C300",
              "vendor": "Honeywell",
              "versions": [
                {
                  "lessThanOrEqual": "511.5TCU3",
                  "status": "affected",
                  "version": "510.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.1TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.2TCU2",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Controller may be loaded with malicious firmware which could enable remote code execution.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSee Honeywell Security Notification for recommendations on upgrading and versioning. \u003c/span\u003e\n\n"
                }
              ],
              "value": "Controller may be loaded with malicious firmware which could enable remote code execution.\u00a0See Honeywell Security Notification for recommendations on upgrading and versioning. \n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-638",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-638 Altered Component Firmware"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-345",
                  "description": "CWE-345 Insufficient Verification of Data Authenticity",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-22T16:03:44.238Z",
            "orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
            "shortName": "Honeywell"
          },
          "references": [
            {
              "url": "https://process.honeywell.com"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Controller design flaw - unsigned firmware",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
        "assignerShortName": "Honeywell",
        "cveId": "CVE-2023-25178",
        "datePublished": "2023-07-13T10:59:16.333Z",
        "dateReserved": "2023-02-28T23:51:16.663Z",
        "dateUpdated": "2025-03-05T18:50:28.752Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-24480 (GCVE-0-2023-24480)

    Vulnerability from nvd – Published: 2023-07-13 10:57 – Updated: 2025-03-05 18:50
    VLAI
    Title
    Controller stack overflow when decoding messages from the server
    Summary
    Controller DoS due to stack overflow when decoding a message from the server.  See Honeywell Security Notification for recommendations on upgrading and versioning.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-116 - Improper Encoding or Escaping of Output
    Assigner
    References
    Impacted products
    Vendor Product Version
    Honeywell C300 Affected: 501.1 , ≤ 501.6HF8 (semver)
    Affected: 510.1 , ≤ 510.2HF12 (semver)
    Affected: 511.1 , ≤ 511.5TCU3 (semver)
    Affected: 520.1 , ≤ 520.1TCU4 (semver)
    Affected: 520.2 , ≤ 520.2TCU2 (semver)
    Create a notification for this product.
    Honeywell C300 Affected: 510.1 , ≤ 511.5TCU3 (semver)
    Affected: 520.1 , ≤ 520.1TCU4 (semver)
    Affected: 520.2 , ≤ 520.2TCU2 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:56:04.112Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://process.honeywell.com"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-24480",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-05T18:39:59.649573Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-05T18:50:43.950Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion PKS"
              ],
              "product": "C300",
              "vendor": "Honeywell",
              "versions": [
                {
                  "lessThanOrEqual": "501.6HF8",
                  "status": "affected",
                  "version": "501.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "510.2HF12",
                  "status": "affected",
                  "version": "510.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "511.5TCU3",
                  "status": "affected",
                  "version": "511.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.1TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.2TCU2",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion LX",
                "Experion PlantCruise"
              ],
              "product": "C300",
              "vendor": "Honeywell",
              "versions": [
                {
                  "lessThanOrEqual": "511.5TCU3",
                  "status": "affected",
                  "version": "510.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.1TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.2TCU2",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Controller DoS due to stack overflow when decoding a message from the server.\u0026nbsp;\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSee Honeywell Security Notification for recommendations on upgrading and versioning. \u003c/span\u003e\n\n"
                }
              ],
              "value": "Controller DoS due to stack overflow when decoding a message from the server.\u00a0\n\nSee Honeywell Security Notification for recommendations on upgrading and versioning. \n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-173",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-173 Action Spoofing"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-116",
                  "description": "CWE-116 Improper Encoding or Escaping of Output",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-22T15:59:10.657Z",
            "orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
            "shortName": "Honeywell"
          },
          "references": [
            {
              "url": "https://process.honeywell.com"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Controller stack overflow when decoding messages from the server",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
        "assignerShortName": "Honeywell",
        "cveId": "CVE-2023-24480",
        "datePublished": "2023-07-13T10:57:46.879Z",
        "dateReserved": "2023-02-28T23:51:16.652Z",
        "dateUpdated": "2025-03-05T18:50:43.950Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-38399 (GCVE-0-2021-38399)

    Vulnerability from nvd – Published: 2022-10-28 01:19 – Updated: 2025-04-16 16:07
    VLAI
    Title
    Honeywell Experion PKS and ACE Controllers Relative Path Traversal
    Summary
    Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to relative path traversal, which may allow an attacker access to unauthorized files and directories.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-23 - Relative Path Traversal
    Assigner
    Impacted products
    Vendor Product Version
    Honeywell Experion PKS Affected: C200
    Affected: C200E
    Affected: C300
    Affected: ACE controllers
    Create a notification for this product.
    Date Public
    2021-10-05 00:00
    Credits
    Rei Henigman and Nadav Erez of Claroty reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T01:37:16.579Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-278-04"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.honeywellprocess.com/library/support/notifications/Customer/SN2021-02-22-01-Experion-C300-CCL.pdf"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-38399",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-16T15:53:50.707446Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-16T16:07:59.274Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Experion PKS",
              "vendor": "Honeywell",
              "versions": [
                {
                  "status": "affected",
                  "version": "C200"
                },
                {
                  "status": "affected",
                  "version": "C200E"
                },
                {
                  "status": "affected",
                  "version": "C300"
                },
                {
                  "status": "affected",
                  "version": "ACE controllers"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Rei Henigman and Nadav Erez of Claroty reported these vulnerabilities to CISA."
            }
          ],
          "datePublic": "2021-10-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to relative path traversal, which may allow an attacker access to unauthorized files and directories."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-23",
                  "description": "CWE-23: Relative Path Traversal",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-28T00:00:00.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-278-04"
            },
            {
              "url": "https://www.honeywellprocess.com/library/support/notifications/Customer/SN2021-02-22-01-Experion-C300-CCL.pdf"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Honeywell Experion PKS and ACE Controllers Relative Path Traversal",
          "workarounds": [
            {
              "lang": "en",
              "value": "Honeywell recommends users follow all guidance in the Experion Network and Security Planning Guide to prevent attacks by malicious actors.\n\nAdditional information can be found in Honeywell Support document SN2021-02-22-01."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-38399",
        "datePublished": "2022-10-28T01:19:02.691Z",
        "dateReserved": "2021-08-10T00:00:00.000Z",
        "dateUpdated": "2025-04-16T16:07:59.274Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-38397 (GCVE-0-2021-38397)

    Vulnerability from nvd – Published: 2022-10-28 01:21 – Updated: 2025-04-16 16:07
    VLAI
    Title
    Honeywell Experion PKS and ACE Controllers Unrestricted Upload of File with Dangerous Type
    Summary
    Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to unrestricted file uploads, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    Impacted products
    Vendor Product Version
    Honeywell Experion PKS Affected: C200
    Affected: C200E
    Affected: C300
    Affected: ACE controllers
    Create a notification for this product.
    Date Public
    2021-10-05 00:00
    Credits
    Rei Henigman and Nadav Erez of Claroty reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T01:37:16.577Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-278-04"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.honeywellprocess.com/library/support/notifications/Customer/SN2021-02-22-01-Experion-C300-CCL.pdf"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-38397",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-16T15:53:15.692298Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-16T16:07:44.758Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Experion PKS",
              "vendor": "Honeywell",
              "versions": [
                {
                  "status": "affected",
                  "version": "C200"
                },
                {
                  "status": "affected",
                  "version": "C200E"
                },
                {
                  "status": "affected",
                  "version": "C300"
                },
                {
                  "status": "affected",
                  "version": "ACE controllers"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Rei Henigman and Nadav Erez of Claroty reported these vulnerabilities to CISA."
            }
          ],
          "datePublic": "2021-10-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to unrestricted file uploads, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "CWE-434: Unrestricted Upload of File with Dangerous Type",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-28T00:00:00.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-278-04"
            },
            {
              "url": "https://www.honeywellprocess.com/library/support/notifications/Customer/SN2021-02-22-01-Experion-C300-CCL.pdf"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Honeywell Experion PKS and ACE Controllers Unrestricted Upload of File with Dangerous Type",
          "workarounds": [
            {
              "lang": "en",
              "value": "Honeywell recommends users follow all guidance in the Experion Network and Security Planning Guide to prevent attacks by malicious actors.\n\nAdditional information can be found in Honeywell Support document SN2021-02-22-01."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-38397",
        "datePublished": "2022-10-28T01:21:35.576Z",
        "dateReserved": "2021-08-10T00:00:00.000Z",
        "dateUpdated": "2025-04-16T16:07:44.758Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-38395 (GCVE-0-2021-38395)

    Vulnerability from nvd – Published: 2022-10-28 01:20 – Updated: 2025-04-16 16:07
    VLAI
    Title
    Honeywell Experion PKS and ACE Controllers Injection
    Summary
    Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to improper neutralization of special elements in output, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Honeywell Experion PKS Affected: C200
    Affected: C200E
    Affected: C300
    Affected: ACE controllers
    Create a notification for this product.
    Date Public
    2021-10-05 00:00
    Credits
    Rei Henigman and Nadav Erez of Claroty reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T01:37:16.588Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-278-04"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.honeywellprocess.com/library/support/notifications/Customer/SN2021-02-22-01-Experion-C300-CCL.pdf"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-38395",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-16T15:53:47.454539Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-16T16:07:52.218Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Experion PKS",
              "vendor": "Honeywell",
              "versions": [
                {
                  "status": "affected",
                  "version": "C200"
                },
                {
                  "status": "affected",
                  "version": "C200E"
                },
                {
                  "status": "affected",
                  "version": "C300"
                },
                {
                  "status": "affected",
                  "version": "ACE controllers"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Rei Henigman and Nadav Erez of Claroty reported these vulnerabilities to CISA."
            }
          ],
          "datePublic": "2021-10-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to improper neutralization of special elements in output, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "CWE-74: Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-28T00:00:00.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-278-04"
            },
            {
              "url": "https://www.honeywellprocess.com/library/support/notifications/Customer/SN2021-02-22-01-Experion-C300-CCL.pdf"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Honeywell Experion PKS and ACE Controllers Injection",
          "workarounds": [
            {
              "lang": "en",
              "value": "Honeywell recommends users follow all guidance in the Experion Network and Security Planning Guide to prevent attacks by malicious actors.\n\nAdditional information can be found in Honeywell Support document SN2021-02-22-01."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-38395",
        "datePublished": "2022-10-28T01:20:24.175Z",
        "dateReserved": "2021-08-10T00:00:00.000Z",
        "dateUpdated": "2025-04-16T16:07:52.218Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-26597 (GCVE-0-2023-26597)

    Vulnerability from cvelistv5 – Published: 2023-07-13 11:04 – Updated: 2025-03-05 18:50
    VLAI
    Title
    Controller DOS on sending error response
    Summary
    Controller DoS due to buffer overflow in the handling of a specially crafted message received by the controller. See Honeywell Security Notification for recommendations on upgrading and versioning. See Honeywell Security Notification for recommendations on upgrading and versioning.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    References
    Impacted products
    Vendor Product Version
    Honeywell C300 Affected: 501.1 , ≤ 501.6HF8 (semver)
    Affected: 510.1 , ≤ 510.2HF12 (semver)
    Affected: 511.1 , ≤ 511.5TCU3 (semver)
    Affected: 520.1 , ≤ 520.1TCU4 (semver)
    Affected: 520.2 , ≤ 520.2TCU2 (semver)
    Create a notification for this product.
    Honeywell C300 Affected: 510.1 , ≤ 511.5TCU3 (semver)
    Affected: 520.1 , ≤ 520.1TCU4 (semver)
    Affected: 520.2 , ≤ 520.2TCU2 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T11:53:53.803Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://process.honeywell.com"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-26597",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-05T18:38:43.280343Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-05T18:50:22.725Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion PKS"
              ],
              "product": "C300",
              "vendor": "Honeywell",
              "versions": [
                {
                  "lessThanOrEqual": "501.6HF8",
                  "status": "affected",
                  "version": "501.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "510.2HF12",
                  "status": "affected",
                  "version": "510.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "511.5TCU3",
                  "status": "affected",
                  "version": "511.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.1TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.2TCU2",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion LX",
                "Experion PlantCruise"
              ],
              "product": "C300",
              "vendor": "Honeywell",
              "versions": [
                {
                  "lessThanOrEqual": "511.5TCU3",
                  "status": "affected",
                  "version": "510.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.1TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.2TCU2",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Controller DoS due to buffer overflow in the handling of a specially crafted message received by the controller.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSee Honeywell Security Notification for recommendations on upgrading and versioning.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSee Honeywell Security Notification for recommendations on upgrading and versioning. \u003c/span\u003e\n\n\u003c/span\u003e"
                }
              ],
              "value": "Controller DoS due to buffer overflow in the handling of a specially crafted message received by the controller.\u00a0See Honeywell Security Notification for recommendations on upgrading and versioning.\u00a0See Honeywell Security Notification for recommendations on upgrading and versioning. \n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-469",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-469 HTTP DoS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400 Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-22T16:01:10.959Z",
            "orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
            "shortName": "Honeywell"
          },
          "references": [
            {
              "url": "https://process.honeywell.com"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Controller DOS on sending error response",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
        "assignerShortName": "Honeywell",
        "cveId": "CVE-2023-26597",
        "datePublished": "2023-07-13T11:04:55.153Z",
        "dateReserved": "2023-02-28T23:51:16.647Z",
        "dateUpdated": "2025-03-05T18:50:22.725Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-25770 (GCVE-0-2023-25770)

    Vulnerability from cvelistv5 – Published: 2023-07-13 10:59 – Updated: 2024-08-02 11:32
    VLAI
    Title
    Controller stack overflow on decoding messages from the server
    Summary
    Controller DoS may occur due to buffer overflow when an error is generated in response to a specially crafted message. See Honeywell Security Notification for recommendations on upgrading and versioning.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    References
    Impacted products
    Vendor Product Version
    Honeywell C300 Affected: 501.1 , ≤ 501.6HF8 (semver)
    Affected: 510.1 , ≤ 510.2HF12 (semver)
    Affected: 511.1 , ≤ 511.5TCU3 (semver)
    Affected: 520.1 , ≤ 520.1TCU4 (semver)
    Affected: 520.2 , ≤ 520.2TCU2 (semver)
    Create a notification for this product.
    Honeywell C300 Affected: 510.1 , ≤ 511.5TCU3 (semver)
    Affected: 520.1 , ≤ 520.1TCU4 (semver)
    Affected: 520.2 , ≤ 520.2TCU2 (semver)
    Create a notification for this product.
    honeywell c300 Affected: 501.1 , ≤ 501.6hf8 (semver)
        cpe:2.3:h:honeywell:c300:501.1:*:*:*:*:*:*:*
    Create a notification for this product.
    honeywell c300 Affected: 510.1 , ≤ 510.2hf12 (semver)
        cpe:2.3:h:honeywell:c300:510.1:*:*:*:*:*:*:*
    Create a notification for this product.
    honeywell c300 Affected: 511.1 , ≤ 511.5tcu3 (semver)
        cpe:2.3:h:honeywell:c300:511.1:*:*:*:*:*:*:*
    Create a notification for this product.
    honeywell c300 Affected: 520.1 , ≤ 520.1tcu4 (semver)
        cpe:2.3:h:honeywell:c300:520.1:*:*:*:*:*:*:*
    Create a notification for this product.
    honeywell c300 Affected: 520.2 , ≤ 520.2tcu2 (semver)
        cpe:2.3:h:honeywell:c300:520.2:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:honeywell:c300:501.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "c300",
                "vendor": "honeywell",
                "versions": [
                  {
                    "lessThanOrEqual": "501.6hf8",
                    "status": "affected",
                    "version": "501.1",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:honeywell:c300:510.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "c300",
                "vendor": "honeywell",
                "versions": [
                  {
                    "lessThanOrEqual": "510.2hf12",
                    "status": "affected",
                    "version": "510.1",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:honeywell:c300:511.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "c300",
                "vendor": "honeywell",
                "versions": [
                  {
                    "lessThanOrEqual": "511.5tcu3",
                    "status": "affected",
                    "version": "511.1",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:honeywell:c300:520.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "c300",
                "vendor": "honeywell",
                "versions": [
                  {
                    "lessThanOrEqual": "520.1tcu4",
                    "status": "affected",
                    "version": "520.1",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:honeywell:c300:520.2:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "c300",
                "vendor": "honeywell",
                "versions": [
                  {
                    "lessThanOrEqual": "520.2tcu2",
                    "status": "affected",
                    "version": "520.2",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-25770",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-22T18:26:04.535864Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-08T19:15:35.980Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T11:32:12.419Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://process.honeywell.com"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion PKS"
              ],
              "product": "C300",
              "vendor": "Honeywell",
              "versions": [
                {
                  "lessThanOrEqual": "501.6HF8",
                  "status": "affected",
                  "version": "501.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "510.2HF12",
                  "status": "affected",
                  "version": "510.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "511.5TCU3",
                  "status": "affected",
                  "version": "511.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.1TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.2TCU2",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion LX",
                "Experion PlantCruise"
              ],
              "product": "C300",
              "vendor": "Honeywell",
              "versions": [
                {
                  "lessThanOrEqual": "511.5TCU3",
                  "status": "affected",
                  "version": "510.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.1TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.2TCU2",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Controller DoS may occur due to buffer overflow when an error is generated in response to a specially crafted message.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSee Honeywell Security Notification for recommendations on upgrading and versioning. \u003c/span\u003e\n\n"
                }
              ],
              "value": "Controller DoS may occur due to buffer overflow when an error is generated in response to a specially crafted message.\u00a0See Honeywell Security Notification for recommendations on upgrading and versioning. \n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-221",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-221 XML External Entities Blowup"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-22T16:03:06.413Z",
            "orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
            "shortName": "Honeywell"
          },
          "references": [
            {
              "url": "https://process.honeywell.com"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Controller stack overflow on decoding messages from the server",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
        "assignerShortName": "Honeywell",
        "cveId": "CVE-2023-25770",
        "datePublished": "2023-07-13T10:59:58.825Z",
        "dateReserved": "2023-02-28T23:51:16.657Z",
        "dateUpdated": "2024-08-02T11:32:12.419Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-25178 (GCVE-0-2023-25178)

    Vulnerability from cvelistv5 – Published: 2023-07-13 10:59 – Updated: 2025-03-05 18:50
    VLAI
    Title
    Controller design flaw - unsigned firmware
    Summary
    Controller may be loaded with malicious firmware which could enable remote code execution. See Honeywell Security Notification for recommendations on upgrading and versioning.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-345 - Insufficient Verification of Data Authenticity
    Assigner
    References
    Impacted products
    Vendor Product Version
    Honeywell C300 Affected: 501.1 , ≤ 501.6HF8 (semver)
    Affected: 510.1 , ≤ 510.2HF12 (semver)
    Affected: 511.1 , ≤ 511.5TCU3 (semver)
    Affected: 520.1 , ≤ 520.1TCU4 (semver)
    Affected: 520.2 , ≤ 520.2TCU2 (semver)
    Create a notification for this product.
    Honeywell C300 Affected: 510.1 , ≤ 511.5TCU3 (semver)
    Affected: 520.1 , ≤ 520.1TCU4 (semver)
    Affected: 520.2 , ≤ 520.2TCU2 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T11:18:35.746Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://process.honeywell.com"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-25178",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-05T18:39:56.713815Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-05T18:50:28.752Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion PKS"
              ],
              "product": "C300",
              "vendor": "Honeywell",
              "versions": [
                {
                  "lessThanOrEqual": "501.6HF8",
                  "status": "affected",
                  "version": "501.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "510.2HF12",
                  "status": "affected",
                  "version": "510.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "511.5TCU3",
                  "status": "affected",
                  "version": "511.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.1TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.2TCU2",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion LX",
                "Experion PlantCruise"
              ],
              "product": "C300",
              "vendor": "Honeywell",
              "versions": [
                {
                  "lessThanOrEqual": "511.5TCU3",
                  "status": "affected",
                  "version": "510.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.1TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.2TCU2",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Controller may be loaded with malicious firmware which could enable remote code execution.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSee Honeywell Security Notification for recommendations on upgrading and versioning. \u003c/span\u003e\n\n"
                }
              ],
              "value": "Controller may be loaded with malicious firmware which could enable remote code execution.\u00a0See Honeywell Security Notification for recommendations on upgrading and versioning. \n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-638",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-638 Altered Component Firmware"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-345",
                  "description": "CWE-345 Insufficient Verification of Data Authenticity",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-22T16:03:44.238Z",
            "orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
            "shortName": "Honeywell"
          },
          "references": [
            {
              "url": "https://process.honeywell.com"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Controller design flaw - unsigned firmware",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
        "assignerShortName": "Honeywell",
        "cveId": "CVE-2023-25178",
        "datePublished": "2023-07-13T10:59:16.333Z",
        "dateReserved": "2023-02-28T23:51:16.663Z",
        "dateUpdated": "2025-03-05T18:50:28.752Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-24480 (GCVE-0-2023-24480)

    Vulnerability from cvelistv5 – Published: 2023-07-13 10:57 – Updated: 2025-03-05 18:50
    VLAI
    Title
    Controller stack overflow when decoding messages from the server
    Summary
    Controller DoS due to stack overflow when decoding a message from the server.  See Honeywell Security Notification for recommendations on upgrading and versioning.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-116 - Improper Encoding or Escaping of Output
    Assigner
    References
    Impacted products
    Vendor Product Version
    Honeywell C300 Affected: 501.1 , ≤ 501.6HF8 (semver)
    Affected: 510.1 , ≤ 510.2HF12 (semver)
    Affected: 511.1 , ≤ 511.5TCU3 (semver)
    Affected: 520.1 , ≤ 520.1TCU4 (semver)
    Affected: 520.2 , ≤ 520.2TCU2 (semver)
    Create a notification for this product.
    Honeywell C300 Affected: 510.1 , ≤ 511.5TCU3 (semver)
    Affected: 520.1 , ≤ 520.1TCU4 (semver)
    Affected: 520.2 , ≤ 520.2TCU2 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:56:04.112Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://process.honeywell.com"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-24480",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-05T18:39:59.649573Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-05T18:50:43.950Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion PKS"
              ],
              "product": "C300",
              "vendor": "Honeywell",
              "versions": [
                {
                  "lessThanOrEqual": "501.6HF8",
                  "status": "affected",
                  "version": "501.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "510.2HF12",
                  "status": "affected",
                  "version": "510.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "511.5TCU3",
                  "status": "affected",
                  "version": "511.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.1TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.2TCU2",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Experion LX",
                "Experion PlantCruise"
              ],
              "product": "C300",
              "vendor": "Honeywell",
              "versions": [
                {
                  "lessThanOrEqual": "511.5TCU3",
                  "status": "affected",
                  "version": "510.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.1TCU4",
                  "status": "affected",
                  "version": "520.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "520.2TCU2",
                  "status": "affected",
                  "version": "520.2",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Controller DoS due to stack overflow when decoding a message from the server.\u0026nbsp;\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSee Honeywell Security Notification for recommendations on upgrading and versioning. \u003c/span\u003e\n\n"
                }
              ],
              "value": "Controller DoS due to stack overflow when decoding a message from the server.\u00a0\n\nSee Honeywell Security Notification for recommendations on upgrading and versioning. \n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-173",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-173 Action Spoofing"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-116",
                  "description": "CWE-116 Improper Encoding or Escaping of Output",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-22T15:59:10.657Z",
            "orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
            "shortName": "Honeywell"
          },
          "references": [
            {
              "url": "https://process.honeywell.com"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Controller stack overflow when decoding messages from the server",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
        "assignerShortName": "Honeywell",
        "cveId": "CVE-2023-24480",
        "datePublished": "2023-07-13T10:57:46.879Z",
        "dateReserved": "2023-02-28T23:51:16.652Z",
        "dateUpdated": "2025-03-05T18:50:43.950Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-38397 (GCVE-0-2021-38397)

    Vulnerability from cvelistv5 – Published: 2022-10-28 01:21 – Updated: 2025-04-16 16:07
    VLAI
    Title
    Honeywell Experion PKS and ACE Controllers Unrestricted Upload of File with Dangerous Type
    Summary
    Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to unrestricted file uploads, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    Impacted products
    Vendor Product Version
    Honeywell Experion PKS Affected: C200
    Affected: C200E
    Affected: C300
    Affected: ACE controllers
    Create a notification for this product.
    Date Public
    2021-10-05 00:00
    Credits
    Rei Henigman and Nadav Erez of Claroty reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T01:37:16.577Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-278-04"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.honeywellprocess.com/library/support/notifications/Customer/SN2021-02-22-01-Experion-C300-CCL.pdf"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-38397",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-16T15:53:15.692298Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-16T16:07:44.758Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Experion PKS",
              "vendor": "Honeywell",
              "versions": [
                {
                  "status": "affected",
                  "version": "C200"
                },
                {
                  "status": "affected",
                  "version": "C200E"
                },
                {
                  "status": "affected",
                  "version": "C300"
                },
                {
                  "status": "affected",
                  "version": "ACE controllers"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Rei Henigman and Nadav Erez of Claroty reported these vulnerabilities to CISA."
            }
          ],
          "datePublic": "2021-10-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to unrestricted file uploads, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "CWE-434: Unrestricted Upload of File with Dangerous Type",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-28T00:00:00.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-278-04"
            },
            {
              "url": "https://www.honeywellprocess.com/library/support/notifications/Customer/SN2021-02-22-01-Experion-C300-CCL.pdf"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Honeywell Experion PKS and ACE Controllers Unrestricted Upload of File with Dangerous Type",
          "workarounds": [
            {
              "lang": "en",
              "value": "Honeywell recommends users follow all guidance in the Experion Network and Security Planning Guide to prevent attacks by malicious actors.\n\nAdditional information can be found in Honeywell Support document SN2021-02-22-01."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-38397",
        "datePublished": "2022-10-28T01:21:35.576Z",
        "dateReserved": "2021-08-10T00:00:00.000Z",
        "dateUpdated": "2025-04-16T16:07:44.758Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-38395 (GCVE-0-2021-38395)

    Vulnerability from cvelistv5 – Published: 2022-10-28 01:20 – Updated: 2025-04-16 16:07
    VLAI
    Title
    Honeywell Experion PKS and ACE Controllers Injection
    Summary
    Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to improper neutralization of special elements in output, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Honeywell Experion PKS Affected: C200
    Affected: C200E
    Affected: C300
    Affected: ACE controllers
    Create a notification for this product.
    Date Public
    2021-10-05 00:00
    Credits
    Rei Henigman and Nadav Erez of Claroty reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T01:37:16.588Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-278-04"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.honeywellprocess.com/library/support/notifications/Customer/SN2021-02-22-01-Experion-C300-CCL.pdf"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-38395",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-16T15:53:47.454539Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-16T16:07:52.218Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Experion PKS",
              "vendor": "Honeywell",
              "versions": [
                {
                  "status": "affected",
                  "version": "C200"
                },
                {
                  "status": "affected",
                  "version": "C200E"
                },
                {
                  "status": "affected",
                  "version": "C300"
                },
                {
                  "status": "affected",
                  "version": "ACE controllers"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Rei Henigman and Nadav Erez of Claroty reported these vulnerabilities to CISA."
            }
          ],
          "datePublic": "2021-10-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to improper neutralization of special elements in output, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "CWE-74: Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-28T00:00:00.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-278-04"
            },
            {
              "url": "https://www.honeywellprocess.com/library/support/notifications/Customer/SN2021-02-22-01-Experion-C300-CCL.pdf"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Honeywell Experion PKS and ACE Controllers Injection",
          "workarounds": [
            {
              "lang": "en",
              "value": "Honeywell recommends users follow all guidance in the Experion Network and Security Planning Guide to prevent attacks by malicious actors.\n\nAdditional information can be found in Honeywell Support document SN2021-02-22-01."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-38395",
        "datePublished": "2022-10-28T01:20:24.175Z",
        "dateReserved": "2021-08-10T00:00:00.000Z",
        "dateUpdated": "2025-04-16T16:07:52.218Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-38399 (GCVE-0-2021-38399)

    Vulnerability from cvelistv5 – Published: 2022-10-28 01:19 – Updated: 2025-04-16 16:07
    VLAI
    Title
    Honeywell Experion PKS and ACE Controllers Relative Path Traversal
    Summary
    Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to relative path traversal, which may allow an attacker access to unauthorized files and directories.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-23 - Relative Path Traversal
    Assigner
    Impacted products
    Vendor Product Version
    Honeywell Experion PKS Affected: C200
    Affected: C200E
    Affected: C300
    Affected: ACE controllers
    Create a notification for this product.
    Date Public
    2021-10-05 00:00
    Credits
    Rei Henigman and Nadav Erez of Claroty reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T01:37:16.579Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-278-04"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.honeywellprocess.com/library/support/notifications/Customer/SN2021-02-22-01-Experion-C300-CCL.pdf"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-38399",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-16T15:53:50.707446Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-16T16:07:59.274Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Experion PKS",
              "vendor": "Honeywell",
              "versions": [
                {
                  "status": "affected",
                  "version": "C200"
                },
                {
                  "status": "affected",
                  "version": "C200E"
                },
                {
                  "status": "affected",
                  "version": "C300"
                },
                {
                  "status": "affected",
                  "version": "ACE controllers"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Rei Henigman and Nadav Erez of Claroty reported these vulnerabilities to CISA."
            }
          ],
          "datePublic": "2021-10-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to relative path traversal, which may allow an attacker access to unauthorized files and directories."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-23",
                  "description": "CWE-23: Relative Path Traversal",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-28T00:00:00.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-278-04"
            },
            {
              "url": "https://www.honeywellprocess.com/library/support/notifications/Customer/SN2021-02-22-01-Experion-C300-CCL.pdf"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Honeywell Experion PKS and ACE Controllers Relative Path Traversal",
          "workarounds": [
            {
              "lang": "en",
              "value": "Honeywell recommends users follow all guidance in the Experion Network and Security Planning Guide to prevent attacks by malicious actors.\n\nAdditional information can be found in Honeywell Support document SN2021-02-22-01."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-38399",
        "datePublished": "2022-10-28T01:19:02.691Z",
        "dateReserved": "2021-08-10T00:00:00.000Z",
        "dateUpdated": "2025-04-16T16:07:59.274Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }