CVE-2023-26597 – Controller DOS on sending error response
https://notcve.org/view.php?id=CVE-2023-26597
Controller DoS due to buffer overflow in the handling of a specially crafted message received by the controller. See Honeywell Security Notification for recommendations on upgrading and versioning. • https://process.honeywell.com • CWE-400: Uncontrolled Resource Consumption CWE-787: Out-of-bounds Write •
CVE-2023-25770 – Controller stack overflow on decoding messages from the server
https://notcve.org/view.php?id=CVE-2023-25770
Controller DoS may occur due to buffer overflow when an error is generated in response to a specially crafted message. See Honeywell Security Notification for recommendations on upgrading and versioning. • https://process.honeywell.com • CWE-502: Deserialization of Untrusted Data •
CVE-2023-25178 – Controller design flaw - unsigned firmware
https://notcve.org/view.php?id=CVE-2023-25178
Controller may be loaded with malicious firmware which could enable remote code execution. See Honeywell Security Notification for recommendations on upgrading and versioning. • https://process.honeywell.com • CWE-345: Insufficient Verification of Data Authenticity •
CVE-2023-24480 – Controller stack overflow when decoding messages from the server
https://notcve.org/view.php?id=CVE-2023-24480
Controller DoS due to stack overflow when decoding a message from the server. See Honeywell Security Notification for recommendations on upgrading and versioning. • https://process.honeywell.com • CWE-116: Improper Encoding or Escaping of Output CWE-787: Out-of-bounds Write •
CVE-2021-38397 – Honeywell Experion PKS and ACE Controllers Unrestricted Upload of File with Dangerous Type
https://notcve.org/view.php?id=CVE-2021-38397
Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to unrestricted file uploads, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition. • https://www.cisa.gov/uscert/ics/advisories/icsa-21-278-04 https://www.honeywellprocess.com/library/support/notifications/Customer/SN2021-02-22-01-Experion-C300-CCL.pdf • CWE-434: Unrestricted Upload of File with Dangerous Type •