CVE-2023-5390

🗓️ 31 Jan 2024 17:46:39Reported by HoneywellType

Attacker can exploit CVE-2023-5390 to read files from Honeywell Experion ControlEdge VirtualUOC and ControlEdge UOC, exposing limited information. Update to latest version advised

Reporter	Title	Published	Views	Family All 13
BDU FSTEC	The vulnerability of the microprogramming software used in Honeywell Experion ControlEdge VirtualUOC and ControlEdge UOC controllers allows attackers to disclose protected information or execute arbitrary files.	20 Feb 202400:00	–	bdu_fstec
Circl	CVE-2023-5390	31 Jan 202419:31	–	circl
CNNVD	Honeywell Experion ControlEdge VirtualUOC and ControlEdge UOC Security Vulnerabilities	31 Jan 202400:00	–	cnnvd
CVE	CVE-2023-5390	31 Jan 202417:46	–	cve
EUVD	EUVD-2023-57705	3 Oct 202520:07	–	euvd
ICS	Honeywell Experion PKS, Experion LX, PlantCruise by Experion, Safety Manager, Safety Manager SC	25 Apr 202406:00	–	ics
NCSC	Vulnerabilities fixed in Honeywell Experion and Safety Manager	26 Apr 202400:00	–	ncsc
NVD	CVE-2023-5390	31 Jan 202418:15	–	nvd
Prion	Design/Logic Flaw	31 Jan 202418:15	–	prion
Positive Technologies	PT-2024-1736 · Honeywell · Honeywell Experion Controledge Virtualuoc +1	30 Jan 202400:00	–	ptsecurity

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Experion PKS"
    ],
    "product": "ControlEdge UOC",
    "vendor": "Honeywell",
    "versions": [
      {
        "changes": [
          {
            "at": "520.2 TCU4 HF1",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "520.2 TCU4",
        "status": "affected",
        "version": "520.2",
        "versionType": "semver"
      },
      {
        "changes": [
          {
            "at": "510.2 HF14",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "510.2 HF13",
        "status": "affected",
        "version": "510.1",
        "versionType": "semver"
      },
      {
        "changes": [
          {
            "at": "520.1 TCU5",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "520.1 TCU4",
        "status": "affected",
        "version": "520.1",
        "versionType": "semver"
      },
      {
        "changes": [
          {
            "at": "511.5 TCU4 HF4",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "511.5 TCU4 HF3",
        "status": "affected",
        "version": "511.1",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Experion LX"
    ],
    "product": "ControlEdge UOC",
    "vendor": "Honeywell",
    "versions": [
      {
        "changes": [
          {
            "at": "520.2 TCU4 HF2",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "520.2 TCU4",
        "status": "affected",
        "version": "520.2",
        "versionType": "semver"
      },
      {
        "changes": [
          {
            "at": "511.5 TCU4 HF4",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "511.5 TCU4 HF3",
        "status": "affected",
        "version": "511.1",
        "versionType": "semver"
      },
      {
        "changes": [
          {
            "at": "520.1 TCU5",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "520.1 TCU4",
        "status": "affected",
        "version": "520.1",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "PlantCruise by Experion"
    ],
    "product": "ControlEdge UOC",
    "vendor": "Honeywell",
    "versions": [
      {
        "changes": [
          {
            "at": "520.2 TCU4 HF2",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "520.2 TCU4",
        "status": "affected",
        "version": "520.2",
        "versionType": "semver"
      },
      {
        "changes": [
          {
            "at": "520.1 TCU5",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "520.1 TCU4",
        "status": "affected",
        "version": "520.1",
        "versionType": "semver"
      },
      {
        "changes": [
          {
            "at": "511.5 TCU4 HF4",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "511.5 TCU4 HF3",
        "status": "affected",
        "version": "520.2 TCU4 HFR2",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
honeywell	www.honeywell.com/us/en/product-security
process	www.process.honeywell.com/

09 Jul 2024 19:56Current

5.4Medium risk

Vulners AI Score5.4

CVSS 3.15.3

EPSS0.0057

CWE-36