CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-26597 – Controller DOS on sending error response
https://notcve.org/view.php?id=CVE-2023-26597
13 Jul 2023 — Controller DoS due to buffer overflow in the handling of a specially crafted message received by the controller. See Honeywell Security Notification for recommendations on upgrading and versioning. See Honeywell Security Notification for recommendations on upgrading and versioning. Controller DoS due to buffer overflow in the handling of a specially crafted message received by the controller. See Honeywell Security Notification for recommendations on upgrading and versioning. • https://process.honeywell.com • CWE-400: Uncontrolled Resource Consumption CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-25770 – Controller stack overflow on decoding messages from the server
https://notcve.org/view.php?id=CVE-2023-25770
13 Jul 2023 — Controller DoS may occur due to buffer overflow when an error is generated in response to a specially crafted message. See Honeywell Security Notification for recommendations on upgrading and versioning. Controller DoS may occur due to buffer overflow when an error is generated in response to a specially crafted message. See Honeywell Security Notification for recommendations on upgrading and versioning. • https://process.honeywell.com • CWE-502: Deserialization of Untrusted Data •
CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2023-25178 – Controller design flaw - unsigned firmware
https://notcve.org/view.php?id=CVE-2023-25178
13 Jul 2023 — Controller may be loaded with malicious firmware which could enable remote code execution. See Honeywell Security Notification for recommendations on upgrading and versioning. Controller may be loaded with malicious firmware which could enable remote code execution. See Honeywell Security Notification for recommendations on upgrading and versioning. • https://process.honeywell.com • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-24480 – Controller stack overflow when decoding messages from the server
https://notcve.org/view.php?id=CVE-2023-24480
13 Jul 2023 — Controller DoS due to stack overflow when decoding a message from the server. See Honeywell Security Notification for recommendations on upgrading and versioning. • https://process.honeywell.com • CWE-116: Improper Encoding or Escaping of Output CWE-787: Out-of-bounds Write •