CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-26597 – Controller DOS on sending error response
https://notcve.org/view.php?id=CVE-2023-26597
13 Jul 2023 — Controller DoS due to buffer overflow in the handling of a specially crafted message received by the controller. See Honeywell Security Notification for recommendations on upgrading and versioning. See Honeywell Security Notification for recommendations on upgrading and versioning. Controller DoS due to buffer overflow in the handling of a specially crafted message received by the controller. See Honeywell Security Notification for recommendations on upgrading and versioning. • https://process.honeywell.com • CWE-400: Uncontrolled Resource Consumption CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-25770 – Controller stack overflow on decoding messages from the server
https://notcve.org/view.php?id=CVE-2023-25770
13 Jul 2023 — Controller DoS may occur due to buffer overflow when an error is generated in response to a specially crafted message. See Honeywell Security Notification for recommendations on upgrading and versioning. Controller DoS may occur due to buffer overflow when an error is generated in response to a specially crafted message. See Honeywell Security Notification for recommendations on upgrading and versioning. • https://process.honeywell.com • CWE-502: Deserialization of Untrusted Data •
CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2023-25178 – Controller design flaw - unsigned firmware
https://notcve.org/view.php?id=CVE-2023-25178
13 Jul 2023 — Controller may be loaded with malicious firmware which could enable remote code execution. See Honeywell Security Notification for recommendations on upgrading and versioning. Controller may be loaded with malicious firmware which could enable remote code execution. See Honeywell Security Notification for recommendations on upgrading and versioning. • https://process.honeywell.com • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-24480 – Controller stack overflow when decoding messages from the server
https://notcve.org/view.php?id=CVE-2023-24480
13 Jul 2023 — Controller DoS due to stack overflow when decoding a message from the server. See Honeywell Security Notification for recommendations on upgrading and versioning. • https://process.honeywell.com • CWE-116: Improper Encoding or Escaping of Output CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 8EXPL: 0CVE-2021-38397 – Honeywell Experion PKS and ACE Controllers Unrestricted Upload of File with Dangerous Type
https://notcve.org/view.php?id=CVE-2021-38397
28 Oct 2022 — Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to unrestricted file uploads, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition. Los controladores Honeywell Experion PKS C200, C200E, C300 y ACE son vulnerables a la carga de archivos sin restricciones, lo que puede permitir a un atacante ejecutar código arbitrario de forma remota y provocar una condición de Denegación de Servicio. • https://www.cisa.gov/uscert/ics/advisories/icsa-21-278-04 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 8EXPL: 0CVE-2021-38395 – Honeywell Experion PKS and ACE Controllers Injection
https://notcve.org/view.php?id=CVE-2021-38395
28 Oct 2022 — Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to improper neutralization of special elements in output, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition. Los controladores Honeywell Experion PKS C200, C200E, C300 y ACE son vulnerables a una neutralización inadecuada de elementos especiales en la salida, lo que puede permitir a un atacante ejecutar código arbitrario de forma remota y provocar una condición de Denegación de S... • https://www.cisa.gov/uscert/ics/advisories/icsa-21-278-04 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2021-38399 – Honeywell Experion PKS and ACE Controllers Relative Path Traversal
https://notcve.org/view.php?id=CVE-2021-38399
28 Oct 2022 — Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to relative path traversal, which may allow an attacker access to unauthorized files and directories. Los controladores Honeywell Experion PKS C200, C200E, C300 y ACE son vulnerables al Path Traversal relativa, lo que puede permitir que un atacante acceda a archivos y directorios no autorizados. • https://www.cisa.gov/uscert/ics/advisories/icsa-21-278-04 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •