Lucene search
+L

267 matches found

Tenable Nessus
Tenable Nessus
added 2024/05/02 12:0 a.m.28 views

Honeywell Experion PKS, Experion LX, PlantCruise by Experion, Safety Manager, Safety Manager SC Heap-based Buffer Overflow (CVE-2023-5404)

Server receiving a malformed message can cause a pointer to be overwritten which can result in a remote code execution or failure. See Honeywell Security Notification for recommendations on upgrading and versioning. This plugin only works with Tenable.ot. Please visit...

8AI score0.00724EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/05/02 12:0 a.m.31 views

Honeywell Experion PKS, Experion LX, PlantCruise by Experion, Safety Manager, Safety Manager SC Absolute Path Traversal (CVE-2023-5390)

An attacker could potentially exploit this vulnerability, leading to files being read from the Honeywell Experion ControlEdge VirtualUOC and ControlEdge UOC. This exploit could be used to read files from the controller that may expose limited information from the device. Honeywell recommends...

5.3CVSS7.1AI score0.0057EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/05/02 12:0 a.m.28 views

Honeywell Experion PKS, Experion LX, PlantCruise by Experion, Safety Manager, Safety Manager SC Out-of-bounds Write (CVE-2023-5405)

Server information leak for the CDA Server process memory can occur when an error is generated in response to a specially crafted message. See Honeywell Security Notification for recommendations on upgrading and versioning. This plugin only works with Tenable.ot. Please visit...

6.8AI score0.00404EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/05/02 12:0 a.m.24 views

Honeywell Experion PKS, Experion LX, PlantCruise by Experion, Safety Manager, Safety Manager SC Stack-based Buffer Overflow (CVE-2023-5395)

Server receiving a malformed message that uses the hostname in an internal table may cause a stack overflow resulting in possible remote code execution. See Honeywell Security Notification for recommendations on upgrading and versioning. This plugin only works with Tenable.ot. Please visit...

8.4AI score0.00746EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/05/02 12:0 a.m.17 views

Honeywell Experion PKS, Experion LX, PlantCruise by Experion, Safety Manager, Safety Manager SC Heap-based Buffer Overflow (CVE-2023-5400)

Server receiving a malformed message based on a using the specified key values can cause a heap overflow vulnerability which could lead to an attacker performing remote code execution or causing a failure. See Honeywell Security Notification for recommendations on upgrading and versioning. This...

8.2AI score0.00746EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/05/02 12:0 a.m.20 views

Honeywell Experion PKS, Experion LX, PlantCruise by Experion, Safety Manager, Safety Manager SC Improper Handling of Length Parameter Inconsistency (CVE-2023-5393)

Server receiving a malformed message that causes a disconnect to a hostname may causing a stack overflow resulting in possible remote code execution. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and...

8.3AI score0.00711EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/05/02 12:0 a.m.35 views

Honeywell Experion PKS, Experion LX, PlantCruise by Experion, Safety Manager, Safety Manager SC Exposed Dangerous Method or Function (CVE-2023-5389)

An attacker could potentially exploit this vulnerability, leading to the ability to modify files on Honeywell Experion ControlEdge VirtualUOC and ControlEdge UOC . This exploit could be used to write a file that may result in unexpected behavior based on configuration changes or updating of files...

9.1CVSS7.9AI score0.00779EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/05/02 12:0 a.m.24 views

Honeywell Experion PKS, Experion LX, PlantCruise by Experion, Safety Manager, Safety Manager SC Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2023-5394)

Server receiving a malformed message that where the GCL message hostname may be too large which may cause a stack overflow; resulting in possible remote code execution. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations...

7.9AI score0.00711EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/05/02 12:0 a.m.17 views

Honeywell Experion PKS, Experion LX, PlantCruise by Experion, Safety Manager, Safety Manager SC Stack-based Buffer Overflow (CVE-2023-5407)

Controller denial of service due to improper handling of a specially crafted message received by the controller. See Honeywell Security Notification for recommendations on upgrading and versioning. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot fo...

5.9CVSS5.5AI score0.00443EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/05/02 12:0 a.m.20 views

Honeywell Experion PKS, Experion LX, PlantCruise by Experion, Safety Manager, Safety Manager SC Debug Messages Revealing Unnecessary Information (CVE-2023-5392)

C300 information leak due to an analysis feature which allows extracting more memory over the network than required by the function. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning. This...

7.5CVSS5.5AI score0.00476EPSS
Exploits0References3
NCSC
NCSC
added 2024/04/26 12:0 a.m.54 views

Vulnerabilities fixed in Honeywell Experion and Safety Manager

Honeywell has fixed vulnerabilities in Experion, Experion Plantcruise and Safety Manager. A malicious party could exploit vulnerabilities to launch attacks that can result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution Administrator/Root...

9.1CVSS7.8AI score0.00779EPSS
Exploits0
CISA
CISA
added 2024/04/25 12:0 p.m.5 views

CISA Releases Eight Industrial Control Systems Advisories

CISA released eight Industrial Control Systems ICS advisories on April 25, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-116-01 Multiple Vulnerabilities in Hitachi Energy RTU500 Series ICSA-24-116-02 Hitachi...

7AI score
Exploits0References8
ICS
ICS
added 2024/04/25 6:0 a.m.67 views

Honeywell Experion PKS, Experion LX, PlantCruise by Experion, Safety Manager, Safety Manager SC

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION : Exploitable remotely/low attack complexity Vendor : Honeywell Equipment : Experion PKS, Experion LX, PlantCruise by Experion, Safety Manager, Safety Manager SC Vulnerabilities : Exposed Dangerous Method or Function, Absolute Path Traversal,...

9.1CVSS8.3AI score0.00779EPSS
Exploits0References8
CNVD
CNVD
added 2024/04/19 12:0 a.m.6 views

Unspecified Vulnerability in Honeywell Experion Server (CNVD-2024-24966)

Honeywell Experion Server is a high-performance industrial control system server from Honeywell, primarily used in the Experion Process Knowledge System PKS platform. A security vulnerability exists in Honeywell Experion Server, which stems from the fact that the server's receipt of a malformed...

8.1CVSS7.1AI score0.00746EPSS
Exploits0References1
CNVD
CNVD
added 2024/04/19 12:0 a.m.6 views

Honeywell Experion Server Denial of Service Vulnerability

Honeywell Experion Server is a high-performance industrial control system server from Honeywell, primarily used in the Experion Process Knowledge System PKS platform. A denial of service vulnerability exists in Honeywell Experion Server that stems from improper handling of specially crafted...

5.9CVSS6.6AI score0.00443EPSS
Exploits0References1
CNVD
CNVD
added 2024/04/19 12:0 a.m.10 views

Unspecified Vulnerability in Honeywell Experion Server (CNVD-2024-24969)

Honeywell Experion Server is a high-performance industrial control system server from Honeywell, primarily used in the Experion Process Knowledge System PKS platform. A security vulnerability exists in Honeywell Experion Server that stems from the server receiving a malformed message containing a...

8.1CVSS7.9AI score0.00746EPSS
Exploits0References1
CNVD
CNVD
added 2024/04/19 12:0 a.m.12 views

Unspecified Vulnerability in Honeywell Experion Server (CNVD-2024-24963)

Honeywell Experion Server is a high-performance industrial control system server from Honeywell, primarily used in the Experion Process Knowledge System PKS platform. A security vulnerability exists in Honeywell Experion Server that originates when the server receives an incorrectly formatted...

8.1CVSS7.7AI score0.00724EPSS
Exploits0References1
CNVD
CNVD
added 2024/04/19 12:0 a.m.13 views

Unspecified Vulnerability in Honeywell Experion Server (CNVD-2024-24961)

Honeywell Experion Server is a high-performance industrial control system server from Honeywell, primarily used in the Experion Process Knowledge System PKS platform. A security vulnerability exists in Honeywell Experion Server that stems from a specially crafted message from the controller that...

5.9CVSS6.9AI score0.0069EPSS
Exploits0References1
CNVD
CNVD
added 2024/04/19 12:0 a.m.28 views

Unspecified Vulnerability in Honeywell Experion Server (CNVD-2024-24965)

Honeywell Experion Server is a high-performance industrial control system server from Honeywell, primarily used in the Experion Process Knowledge System PKS platform. A security vulnerability exists in Honeywell Experion Server, which stems from the fact that the server's receipt of a malformed...

8.1CVSS7.5AI score0.00746EPSS
Exploits0References1
CNVD
CNVD
added 2024/04/19 12:0 a.m.5 views

Unspecified Vulnerability in Honeywell Experion Server (CNVD-2024-24967)

Honeywell Experion Server is a high-performance industrial control system server from Honeywell, primarily used in the Experion Process Knowledge System PKS platform. A security vulnerability exists in Honeywell Experion Server that originates from the server receiving a malformed message based o...

5.9CVSS7AI score0.00443EPSS
Exploits0References1
Rows per page
Query Builder