Lucene search

[email protected]CVE-2023-24474

HistoryJul 13, 2023 - 11:15 a.m.

CVE-2023-24474

2023-07-1311:15:08

CWE-122

CWE-787

[email protected]

web.nvd.nist.gov

cve-2023-24474

experion server

dos

heap overflow

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.6 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

16.8%

JSON

Experion server may experience a DoS due to a heap overflow which could occur when handling a specially crafted message

Affected configurations

NVD

Node

honeywellexperion_serverRange501.1–501.6hf8

honeywellexperion_serverRange510.1–510.2hf12

honeywellexperion_serverRange511.1–511.5tcu3

honeywellexperion_serverRange520.1–520.1tcu4

honeywellexperion_serverRange520.2–520.2tcu2

Node

honeywellexperion_stationRange501.1–501.6hf8

honeywellexperion_stationRange510.1–510.2hf12

honeywellexperion_stationRange511.1–511.5tcu3

honeywellexperion_stationRange520.1–520.1tcu4

honeywellexperion_stationRange520.2–520.2tcu2

Node

honeywellengineering_stationRange510.1–511.5tcu3

honeywellengineering_stationRange520.1–520.1tcu4

honeywellengineering_stationRange520.2–520.2tcu2

Node

honeywelldirect_stationRange510.1–511.5tcu3

honeywelldirect_stationRange520.1–520.1tcu4

honeywelldirect_stationRange520.2–520.2tcu2

CPENameOperatorVersion
honeywell:experion_serverhoneywell experion serverle501.6hf8
honeywell:experion_serverhoneywell experion serverle510.2hf12
honeywell:experion_serverhoneywell experion serverle511.5tcu3
honeywell:experion_serverhoneywell experion serverle520.1tcu4
honeywell:experion_serverhoneywell experion serverle520.2tcu2

CPE	Name	Operator	Version
honeywell:experion_server	honeywell experion server	le	501.6hf8
honeywell:experion_server	honeywell experion server	le	510.2hf12
honeywell:experion_server	honeywell experion server	le	511.5tcu3
honeywell:experion_server	honeywell experion server	le	520.1tcu4
honeywell:experion_server	honeywell experion server	le	520.2tcu2

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Experion PKS"
    ],
    "product": "Experion Server",
    "vendor": "Honeywell",
    "versions": [
      {
        "lessThanOrEqual": "501.6HF8",
        "status": "affected",
        "version": "501.1",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "510.2HF12",
        "status": "affected",
        "version": "510.1",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "511.5TCU3",
        "status": "affected",
        "version": "511.1",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "520.1TCU4",
        "status": "affected",
        "version": "520.1",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "520.2TCU2",
        "status": "affected",
        "version": "520.2",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Experion PKS"
    ],
    "product": "Experion Station",
    "vendor": "Honeywell",
    "versions": [
      {
        "lessThanOrEqual": "501.6HF8",
        "status": "affected",
        "version": "501.1",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "510.2HF12",
        "status": "affected",
        "version": "510.1",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "511.5TCU3",
        "status": "affected",
        "version": "511.1",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "520.1TCU4",
        "status": "affected",
        "version": "520.1",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "520.2TCU2",
        "status": "affected",
        "version": "520.2",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Experion LX",
      "Experion PlantCruise"
    ],
    "product": "Engineering Station",
    "vendor": "Honeywell",
    "versions": [
      {
        "lessThanOrEqual": "511.5TCU3",
        "status": "affected",
        "version": "510.1",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "520.1TCU4",
        "status": "affected",
        "version": "520.1",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "520.2TCU2",
        "status": "affected",
        "version": "520.2",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Experion LX",
      "Experion PlantCruise"
    ],
    "product": "Direct Station",
    "vendor": "Honeywell",
    "versions": [
      {
        "lessThanOrEqual": "511.5TCU3",
        "status": "affected",
        "version": "510.5",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "520.1TCU4",
        "status": "affected",
        "version": "520.1",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "520.2TCU2",
        "status": "affected",
        "version": "520.2",
        "versionType": "semver"
      }
    ]
  }
]

References

process.honeywell.com

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.6 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

16.8%

JSON

Related for CVE-2023-24474

prion1 cvelist1 nvd1 ics1