5 matches found
Honeywell Experion PKS and ACE Controllers Unrestricted Upload of File with Dangerous Type (CVE-2021-38397)
Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to unrestricted file uploads, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition. This plugin only works with Tenable.ot. Please visit...
CVE-2021-38397
CVE-2021-38397 affects Honeywell Experion PKS: C200, C200E, C300, and ACE controllers. Root cause is unrestricted file uploads (insufficient input validation) allowing remote code execution and DoS. Impact is high: potential remote compromise of ICS assets. Remediation varies: Honeywell has added...
CVE-2021-38397
creationtimestamp| type| source ---|---|--- 2021-10-06 09:39:48+00:00| seen| https://t.me/thehackernews/1565 2021-10-06 13:10:00+00:00| seen| https://t.me/truesecator/2185 2022-10-28 07:29:04+00:00| seen| https://t.me/cibsecurity/52195...
Multiple Critical Flaws Discovered in Honeywell Experion PKS and ACE Controllers
The U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday released an advisory regarding multiple security vulnerabilities affecting all versions of Honeywell Experion Process Knowledge System C200, C200E, C300, and ACE controllers that could be exploited to achieve remote code...
Honeywell Experion PKS and ACE Controllers
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Honeywell Equipment: Experion Process Knowledge System PKS C200, C200E, C300 and ACE Controllers Vulnerabilities: Unrestricted Upload of File with Dangerous Type, Relative Path Traversal, Improper...