5 matches found
Honeywell Experion PKS and ACE Controllers Improper Neutralization of Special Elements in Output Used By a Downstream Component (CVE-2021-38395)
Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to improper neutralization of special elements in output, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition. This plugin only works with Tenable.ot. Please visit...
CVE-2021-38395
The CVE-2021-38395 entry applies to Honeywell Experion PKS C200, C200E, C300 and ACE controllers, where the vulnerability stems from improper neutralization of special elements in output. This condition can allow a remote attacker to execute arbitrary code and trigger a denial-of-service. Publicl...
CVE-2021-38395
creationtimestamp| type| source ---|---|--- 2021-10-06 09:39:48+00:00| seen| https://t.me/thehackernews/1565 2021-10-06 13:10:00+00:00| seen| https://t.me/truesecator/2185 2022-10-28 07:28:56+00:00| seen| https://t.me/cibsecurity/52189...
Multiple Critical Flaws Discovered in Honeywell Experion PKS and ACE Controllers
The U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday released an advisory regarding multiple security vulnerabilities affecting all versions of Honeywell Experion Process Knowledge System C200, C200E, C300, and ACE controllers that could be exploited to achieve remote code...
Honeywell Experion PKS and ACE Controllers
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Honeywell Equipment: Experion Process Knowledge System PKS C200, C200E, C300 and ACE Controllers Vulnerabilities: Unrestricted Upload of File with Dangerous Type, Relative Path Traversal, Improper...