CVE-2023-25770 – Controller stack overflow on decoding messages from the server
https://notcve.org/view.php?id=CVE-2023-25770
Controller DoS may occur due to buffer overflow when an error is generated in response to a specially crafted message. See Honeywell Security Notification for recommendations on upgrading and versioning. • https://process.honeywell.com • CWE-502: Deserialization of Untrusted Data
CVE-2023-25178 – Controller design flaw - unsigned firmware
https://notcve.org/view.php?id=CVE-2023-25178
Controller may be loaded with malicious firmware which could enable remote code execution. See Honeywell Security Notification for recommendations on upgrading and versioning. • https://process.honeywell.com • CWE-345: Insufficient Verification of Data Authenticity
CVE-2023-25078 – DoS due to heap overflow
https://notcve.org/view.php?id=CVE-2023-25078
Server or Console Station DoS due to heap overflow occurring during the handling of a specially crafted message for a specific configuration operation. See Honeywell Security Notification for recommendations on upgrading and versioning. • https://process.honeywell.com • CWE-787: Out-of-bounds Write
CVE-2023-24480 – Controller stack overflow when decoding messages from the server
https://notcve.org/view.php?id=CVE-2023-24480
Controller DoS due to stack overflow when decoding a message from the server. See Honeywell Security Notification for recommendations on upgrading and versioning. • https://process.honeywell.com • CWE-116: Improper Encoding or Escaping of Output • CWE-787: Out-of-bounds Write
CVE-2023-24474 – Server deserialization missing boundary checks - heap overflow in communication between server and controller
https://notcve.org/view.php?id=CVE-2023-24474
Experion server may experience a DoS due to a heap overflow which could occur when handling a specially crafted message. • https://process.honeywell.com • CWE-122: Heap-based Buffer Overflow • CWE-787: Out-of-bounds Write