// For flags

CVE-2023-5389

 

Severity Score

7.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

An attacker could potentially exploit this vulnerability, leading to the ability to modify files on Honeywell Experion ControlEdge VirtualUOC and ControlEdge UOC . This exploit could be used to write a file that may result in unexpected behavior based on configuration changes or updating of files that could result in subsequent execution of a malicious application if triggered. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning.

Un atacante podría explotar esta vulnerabilidad, lo que permitiría modificar archivos en Honeywell Experion VirtualUOC y UOC. Esta explotación podría usarse para escribir un archivo que puede resultar en un comportamiento inesperado basado en cambios de configuración o actualización de archivos que podrían resultar en la ejecución posterior de una aplicación maliciosa si se activa. Honeywell recomienda actualizar a la versión más reciente del producto. Consulte la Notificación de seguridad de Honeywell para obtener recomendaciones sobre actualización y control de versiones.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2023-10-04 CVE Reserved
  • 2024-01-30 CVE Published
  • 2024-02-08 EPSS Updated
  • 2024-08-02 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-749: Exposed Dangerous Method or Function
CAPEC
  • CAPEC-126: Path Traversal
References (2)
URL Tag Source
https://process.honeywell.com Product
https://www.honeywell.com/us/en/product-security Not Applicable
URL Date SRC
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Honeywell
Search vendor "Honeywell"
 Controledge Unit Operations Controller Firmware
Search vendor "Honeywell" for product "Controledge Unit Operations Controller Firmware"
--
Affected
in Honeywell
Search vendor "Honeywell"
 Controledge Unit Operations Controller
Search vendor "Honeywell" for product "Controledge Unit Operations Controller"
--
Safe
Honeywell
Search vendor "Honeywell"
 Controledge Virtual Unit Operations Controller Firmware
Search vendor "Honeywell" for product "Controledge Virtual Unit Operations Controller Firmware"
--
Affected
in Honeywell
Search vendor "Honeywell"
 Controledge Virtual Unit Operations Controller
Search vendor "Honeywell" for product "Controledge Virtual Unit Operations Controller"
--
Safe