CVE-2023-5392

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Attend

*SSVC

Descriptions

C300 information leak due to an analysis feature which allows extracting more memory over the network than required by the function. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning.

Fuga de información de C300 debido a una función de análisis que permite extraer más memoria a través de la red de la requerida por la función. Honeywell recomienda actualizar a la versión más reciente del producto. Consulte la Notificación de seguridad de Honeywell para obtener recomendaciones sobre actualización y control de versiones.

*Credits: N/A

CVSS Scores

Honeywell International Inc.v3.1 7.5

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:Attend

Exploitation

None

Automatable

Yes

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2023-10-04 CVE Reserved
2024-04-11 CVE Published
2024-04-12 EPSS Updated
2024-08-02 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-1295: Debug Messages Revealing Unnecessary Information

CAPEC

CAPEC-121: Exploit Non-Production Interfaces

References (1)

URL	Tag	Source
https://process.honeywell.com

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Honeywell Search vendor "Honeywell"		C300 Search vendor "Honeywell" for product "C300"				>= 520.2 <= 520.2 TCU4 Search vendor "Honeywell" for product "C300" and version " >= 520.2 <= 520.2 TCU4"		en		Affected
Honeywell Search vendor "Honeywell"		C300 Search vendor "Honeywell" for product "C300"				>= 510.1 <= 510.2 HF13 Search vendor "Honeywell" for product "C300" and version " >= 510.1 <= 510.2 HF13"		en		Affected
Honeywell Search vendor "Honeywell"		C300 Search vendor "Honeywell" for product "C300"				>= 520.1 <= 520.1 TCU4 Search vendor "Honeywell" for product "C300" and version " >= 520.1 <= 520.1 TCU4"		en		Affected
Honeywell Search vendor "Honeywell"		C300 Search vendor "Honeywell" for product "C300"				>= 511.1 <= 511.5 TCU4 HF3 Search vendor "Honeywell" for product "C300" and version " >= 511.1 <= 511.5 TCU4 HF3"		en		Affected
Honeywell Search vendor "Honeywell"		C300 Search vendor "Honeywell" for product "C300"				>= 520.2 <= 520.2 TCU4 Search vendor "Honeywell" for product "C300" and version " >= 520.2 <= 520.2 TCU4"		en		Affected
Honeywell Search vendor "Honeywell"		C300 Search vendor "Honeywell" for product "C300"				>= 511.1 <= 511.5 TCU4 HF3 Search vendor "Honeywell" for product "C300" and version " >= 511.1 <= 511.5 TCU4 HF3"		en		Affected
Honeywell Search vendor "Honeywell"		C300 Search vendor "Honeywell" for product "C300"				>= 520.1 <= 520.1 TCU4 Search vendor "Honeywell" for product "C300" and version " >= 520.1 <= 520.1 TCU4"		en		Affected
Honeywell Search vendor "Honeywell"		C300 Search vendor "Honeywell" for product "C300"				>= 520.2 <= 520.2 TCU4 Search vendor "Honeywell" for product "C300" and version " >= 520.2 <= 520.2 TCU4"		en		Affected
Honeywell Search vendor "Honeywell"		C300 Search vendor "Honeywell" for product "C300"				>= 520.1 <= 520.1 TCU4 Search vendor "Honeywell" for product "C300" and version " >= 520.1 <= 520.1 TCU4"		en		Affected
Honeywell Search vendor "Honeywell"		C300 Search vendor "Honeywell" for product "C300"				<= 511.5 TCU4 HF3 Search vendor "Honeywell" for product "C300" and version " <= 511.5 TCU4 HF3"		en		Affected