Lucene search

HoneywellCVE-2023-26597

HistoryJul 13, 2023 - 12:15 p.m.

CVE-2023-26597

2023-07-1312:15:09

CWE-400

CWE-787

Honeywell

web.nvd.nist.gov

cve-2023-26597

dos

buffer overflow

controller

nvd

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.7

Confidence

High

EPSS

0.001

Percentile

33.9%

JSON

Controller DoS due to buffer overflow in the handling of a specially crafted message received by the controller. See Honeywell Security Notification for recommendations on upgrading and versioning. See Honeywell Security Notification for recommendations on upgrading and versioning.

Affected configurations

Nvd

Node

honeywellc300Match-

AND

honeywellc300_firmwareRange501.1–501.6hf8

honeywellc300_firmwareRange510.1–510.2hf12

honeywellc300_firmwareRange511.1–511.5tcu3

honeywellc300_firmwareRange520.1–520.1tcu4

honeywellc300_firmwareRange520.2–520.2tcu2

VendorProductVersionCPE
honeywellc300-cpe:2.3:h:honeywell:c300:-:*:*:*:*:*:*:*
honeywellc300_firmware*cpe:2.3:o:honeywell:c300_firmware:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
honeywell	c300	-	cpe:2.3:h:honeywell:c300:-:::::::*
honeywell	c300_firmware	*	cpe:2.3:o:honeywell:c300_firmware::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Experion PKS"
    ],
    "product": "C300",
    "vendor": "Honeywell",
    "versions": [
      {
        "lessThanOrEqual": "501.6HF8",
        "status": "affected",
        "version": "501.1",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "510.2HF12",
        "status": "affected",
        "version": "510.1",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "511.5TCU3",
        "status": "affected",
        "version": "511.1",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "520.1TCU4",
        "status": "affected",
        "version": "520.1",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "520.2TCU2",
        "status": "affected",
        "version": "520.2",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Experion LX",
      "Experion PlantCruise"
    ],
    "product": "C300",
    "vendor": "Honeywell",
    "versions": [
      {
        "lessThanOrEqual": "511.5TCU3",
        "status": "affected",
        "version": "510.1",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "520.1TCU4",
        "status": "affected",
        "version": "520.1",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "520.2TCU2",
        "status": "affected",
        "version": "520.2",
        "versionType": "semver"
      }
    ]
  }
]

References

process.honeywell.com

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.7

Confidence

High

EPSS

0.001

Percentile

33.9%

JSON

Related for CVE-2023-26597