CVE-2023-5394
https://notcve.org/view.php?id=CVE-2023-5394
Server receiving a malformed message that where the GCL message hostname may be too large which may cause a stack overflow; resulting in possible remote code execution. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning. El servidor recibe un mensaje con formato incorrecto que indica que el nombre de host del mensaje GCL puede ser demasiado grande, lo que puede provocar un desbordamiento de la pila; lo que resulta en una posible ejecución remota de código. Honeywell recomienda actualizar a la versión más reciente del producto. • https://process.honeywell.com • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2023-5393
https://notcve.org/view.php?id=CVE-2023-5393
Server receiving a malformed message that causes a disconnect to a hostname may causing a stack overflow resulting in possible remote code execution. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning. El servidor que recibe un mensaje con formato incorrecto que provoca una desconexión de un nombre de host puede provocar un desbordamiento de la pila, lo que resulta en una posible ejecución remota de código. Honeywell recomienda actualizar a la versión más reciente del producto. • https://process.honeywell.com • CWE-130: Improper Handling of Length Parameter Inconsistency •
CVE-2023-25948 – Server Data type confusion - info leak
https://notcve.org/view.php?id=CVE-2023-25948
Server information leak of configuration data when an error is generated in response to a specially crafted message. See Honeywell Security Notification for recommendations on upgrading and versioning. • https://process.honeywell.com • CWE-209: Generation of Error Message Containing Sensitive Information CWE-394: Unexpected Status Code or Return Value •
CVE-2023-25078 – DoS due to heap overflow
https://notcve.org/view.php?id=CVE-2023-25078
Server or Console Station DoS due to heap overflow occurring during the handling of a specially crafted message for a specific configuration operation. See Honeywell Security Notification for recommendations on upgrading and versioning. • https://process.honeywell.com • CWE-787: Out-of-bounds Write •
CVE-2023-24474 – Server deserialization missing boundary checks - heap overflow in communication between server and controller
https://notcve.org/view.php?id=CVE-2023-24474
Experion server may experience a DoS due to a heap overflow which could occur when handling a specially crafted message • https://process.honeywell.com • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •