CVSS: 5.9EPSS: 0%CPEs: 10EXPL: 0CVE-2023-5407
https://notcve.org/view.php?id=CVE-2023-5407
Controller denial of service due to improper handling of a specially crafted message received by the controller. See Honeywell Security Notification for recommendations on upgrading and versioning. Denegación de servicio del controlador debido al manejo inadecuado de un mensaje especialmente manipulado recibido por el controlador. Consulte la Notificación de seguridad de Honeywell para obtener recomendaciones sobre actualización y control de versiones. • https://process.honeywell.com • CWE-121: Stack-based Buffer Overflow •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2023-5392
https://notcve.org/view.php?id=CVE-2023-5392
C300 information leak due to an analysis feature which allows extracting more memory over the network than required by the function. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning. Fuga de información de C300 debido a una función de análisis que permite extraer más memoria a través de la red de la requerida por la función. Honeywell recomienda actualizar a la versión más reciente del producto. • https://process.honeywell.com • CWE-1295: Debug Messages Revealing Unnecessary Information •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-26597 – Controller DOS on sending error response
https://notcve.org/view.php?id=CVE-2023-26597
Controller DoS due to buffer overflow in the handling of a specially crafted message received by the controller. See Honeywell Security Notification for recommendations on upgrading and versioning. See Honeywell Security Notification for recommendations on upgrading and versioning. • https://process.honeywell.com • CWE-400: Uncontrolled Resource Consumption CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-25770 – Controller stack overflow on decoding messages from the server
https://notcve.org/view.php?id=CVE-2023-25770
Controller DoS may occur due to buffer overflow when an error is generated in response to a specially crafted message. See Honeywell Security Notification for recommendations on upgrading and versioning. • https://process.honeywell.com • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-25178 – Controller design flaw - unsigned firmware
https://notcve.org/view.php?id=CVE-2023-25178
Controller may be loaded with malicious firmware which could enable remote code execution. See Honeywell Security Notification for recommendations on upgrading and versioning. • https://process.honeywell.com • CWE-345: Insufficient Verification of Data Authenticity •