Lucene search
HistoryJul 13, 2023 - 11:15 a.m.
CVE-2023-25078
cve-2023-25078
nvd
dos
heap overflow
message handling
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.7 High
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
16.8%
Server or Console Station DoS due to heap overflow occurring during the handling of a specially crafted message for a specific configuration operation.
See Honeywell Security Notification for recommendations on upgrading and versioning.
Affected configurations
Node
honeywellexperion_serverRange501.1–501.6hf8
ORhoneywellexperion_serverRange510.1–510.2hf12
ORhoneywellexperion_serverRange511.1–511.5tcu3
ORhoneywellexperion_serverRange520.1–520.1tcu4
ORhoneywellexperion_serverRange520.2–520.2tcu2
Node
honeywellexperion_stationRange501.1–501.6hf8
ORhoneywellexperion_stationRange510.1–510.2hf12
ORhoneywellexperion_stationRange511.1–511.5tcu3
ORhoneywellexperion_stationRange520.1–520.1tcu4
ORhoneywellexperion_stationRange520.2–520.2tcu2
Node
honeywellengineering_stationRange510.1–511.tcu3
ORhoneywellengineering_stationRange520.1–520.1tcu4
ORhoneywellengineering_stationRange520.2–520.2tcu2
Node
honeywelldirect_stationRange510.1–511.tcu3
ORhoneywelldirect_stationRange520.1–520.1tcu4
ORhoneywelldirect_stationRange520.2–520.2tcu2
CNA Affected
[
{
"defaultStatus": "unaffected",
"platforms": [
"Experion PKS"
],
"product": "Experion Server",
"vendor": "Honeywell",
"versions": [
{
"lessThanOrEqual": "501.6HF8",
"status": "affected",
"version": "501.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "510.2HF12",
"status": "affected",
"version": "510.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "511.5TCU3",
"status": "affected",
"version": "511.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "520.1TCU4",
"status": "affected",
"version": "520.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "520.2TCU2",
"status": "affected",
"version": "520.2",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Experion PKS"
],
"product": "Experion Station",
"vendor": "Honeywell",
"versions": [
{
"lessThanOrEqual": "501.6HF8",
"status": "affected",
"version": "501.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "510.2HF12",
"status": "affected",
"version": "510.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "511.5TCU3",
"status": "affected",
"version": "511.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "520.1TCU4",
"status": "affected",
"version": "520.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "520.2TCU2",
"status": "affected",
"version": "520.2",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Experion LX",
"Experion PlantCruise"
],
"product": "Engineering Station",
"vendor": "Honeywell",
"versions": [
{
"lessThanOrEqual": "511.5TCU3",
"status": "affected",
"version": "510.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "520.1TCU4",
"status": "affected",
"version": "520.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "520.2TCU2",
"status": "affected",
"version": "520.2",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Experion LX",
"Experion PlantCruise"
],
"product": "Direct Station",
"vendor": "Honeywell",
"versions": [
{
"lessThanOrEqual": "511.5TCU3",
"status": "affected",
"version": "510.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "520.1TCU4",
"status": "affected",
"version": "520.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "520.2TCU2",
"status": "affected",
"version": "520.2",
"versionType": "semver"
}
]
}
]References
Related
cvelist
cvelist
CVE-2023-25078 DoS due to heap overflow
2023-07-13 10:58:33
prion
prion
Design/Logic Flaw
2023-07-13 11:15:00
nvd
nvd
CVE-2023-25078
2023-07-13 11:15:09
ics
ics
Honeywell Experion PKS, LX and PlantCruise
2023-07-13 12:00:00
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.7 High
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
16.8%
Related for CVE-2023-25078