CVE-2021-38399
Honeywell Experion PKS and ACE Controllers Relative Path Traversal
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to relative path traversal, which may allow an attacker access to unauthorized files and directories.
Los controladores Honeywell Experion PKS C200, C200E, C300 y ACE son vulnerables al Path Traversal relativa, lo que puede permitir que un atacante acceda a archivos y directorios no autorizados.
*Credits:
Rei Henigman and Nadav Erez of Claroty reported these vulnerabilities to CISA.
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-08-10 CVE Reserved
- 2022-10-28 CVE Published
- 2024-09-17 CVE Updated
- 2024-09-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
- CWE-23: Relative Path Traversal
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-21-278-04 | Third Party Advisory | |
| https://www.honeywellprocess.com/library/support/notifications/Customer/SN2021-02-22-01-Experion-C300-CCL.pdf | Product |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Honeywell Search vendor "Honeywell" | C200 Firmware Search vendor "Honeywell" for product "C200 Firmware" | - | - |
Affected
| in | Honeywell Search vendor "Honeywell" | C200 Search vendor "Honeywell" for product "C200" | - | - |
Safe
|
| Honeywell Search vendor "Honeywell" | C200e Firmware Search vendor "Honeywell" for product "C200e Firmware" | - | - |
Affected
| in | Honeywell Search vendor "Honeywell" | C200e Search vendor "Honeywell" for product "C200e" | - | - |
Safe
|
| Honeywell Search vendor "Honeywell" | C300 Firmware Search vendor "Honeywell" for product "C300 Firmware" | - | - |
Affected
| in | Honeywell Search vendor "Honeywell" | C300 Search vendor "Honeywell" for product "C300" | - | - |
Safe
|
| Honeywell Search vendor "Honeywell" | Application Control Environment Firmware Search vendor "Honeywell" for product "Application Control Environment Firmware" | - | - |
Affected
| in | Honeywell Search vendor "Honeywell" | Application Control Environment Search vendor "Honeywell" for product "Application Control Environment" | - | - |
Safe
|