Lucene search

HoneywellCVE-2023-22435

HistoryJul 13, 2023 - 11:15 a.m.

CVE-2023-22435

2023-07-1311:15:08

CWE-787

CWE-697

Honeywell

web.nvd.nist.gov

cve-2023-22435

experion

server

dos

vulnerability

stack overflow

nvd

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

33.9%

JSON

Experion server may experience a DoS due to a stack overflow when handling a specially crafted message.

Affected configurations

Nvd

Node

honeywellexperion_serverRange501.1–501.6hf8

honeywellexperion_serverRange510.1–510.2hf12

honeywellexperion_serverRange511.1–511.5tcu3

honeywellexperion_serverRange520.1–520.1tcu4

honeywellexperion_serverRange520.2–520.2tcu2

Node

honeywellexperion_stationRange501.1–501.6hf8

honeywellexperion_stationRange510.1–510.2hf12

honeywellexperion_stationRange511.1–511.5tcu3

honeywellexperion_stationRange520.1–520.1tcu4

honeywellexperion_stationRange520.2–520.2tcu2

Node

honeywellengineering_stationRange510.1–511.5tcu3

honeywellengineering_stationRange520.1–520.1tcu4

honeywellengineering_stationRange520.2–520.2tcu2

Node

honeywelldirect_stationRange510.1–511.5tcu3

honeywelldirect_stationRange520.1–520.1tcu4

honeywelldirect_stationRange520.2–520.2tcu2

VendorProductVersionCPE
honeywellexperion_server*cpe:2.3:a:honeywell:experion_server:*:*:*:*:*:*:*:*
honeywellexperion_station*cpe:2.3:a:honeywell:experion_station:*:*:*:*:*:*:*:*
honeywellengineering_station*cpe:2.3:a:honeywell:engineering_station:*:*:*:*:*:*:*:*
honeywelldirect_station*cpe:2.3:a:honeywell:direct_station:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
honeywell	experion_server	*	cpe:2.3:a:honeywell:experion_server::::::::
honeywell	experion_station	*	cpe:2.3:a:honeywell:experion_station::::::::
honeywell	engineering_station	*	cpe:2.3:a:honeywell:engineering_station::::::::
honeywell	direct_station	*	cpe:2.3:a:honeywell:direct_station::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Experion PKS"
    ],
    "product": "Experion Server",
    "vendor": "Honeywell",
    "versions": [
      {
        "lessThanOrEqual": "501.6HF8",
        "status": "affected",
        "version": "501.1",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "510.2HF12",
        "status": "affected",
        "version": "510.1",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "511.5TCU3",
        "status": "affected",
        "version": "511.1",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "520.1TCU4",
        "status": "affected",
        "version": "520.1",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "520.2TCU2",
        "status": "affected",
        "version": "520.2",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Experion PKS"
    ],
    "product": "Experion Station",
    "vendor": "Honeywell",
    "versions": [
      {
        "lessThanOrEqual": "501.6HF8",
        "status": "affected",
        "version": "501.1",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "510.2HF12",
        "status": "affected",
        "version": "510.1",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "511.5TCU3",
        "status": "affected",
        "version": "511.1",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "520.1TCU4",
        "status": "affected",
        "version": "520.1",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "520.2TCU2",
        "status": "affected",
        "version": "520.2",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Experion LX",
      "Experion PlantCruise"
    ],
    "product": "Engineering Station",
    "vendor": "Honeywell",
    "versions": [
      {
        "lessThanOrEqual": "511.5TCU3",
        "status": "affected",
        "version": "510.1",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "520.1TCU4",
        "status": "affected",
        "version": "520.1",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "520.2TCU2",
        "status": "affected",
        "version": "520.2",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Experion LX",
      "Experion PlantCruise"
    ],
    "product": "Direct Station",
    "vendor": "Honeywell",
    "versions": [
      {
        "lessThanOrEqual": "511.5TCU3",
        "status": "affected",
        "version": "510.5",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "520.1TCU4",
        "status": "affected",
        "version": "520.1",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "520.2TCU2",
        "status": "affected",
        "version": "520.2",
        "versionType": "semver"
      }
    ]
  }
]

References

process.honeywell.com

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

33.9%

JSON

Related for CVE-2023-22435