CVE-2023-5406

Severity Score

5.9

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

Server communication with a controller can lead to remote code execution using a specially crafted message from the controller. See Honeywell Security Notification for recommendations on upgrading and versioning.

La comunicación del servidor con un controlador puede conducir a la ejecución remota de código mediante un mensaje especialmente manipulado desde el controlador. Consulte la Notificación de seguridad de Honeywell para obtener recomendaciones sobre actualización y control de versiones.

*Credits: N/A

CVSS Scores

Honeywell International Inc.v3.1 5.9

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2023-10-04 CVE Reserved
2024-04-17 CVE Published
2024-04-18 EPSS Updated
2024-08-02 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-787: Out-of-bounds Write

CAPEC

CAPEC-100: Overflow Buffers

References (1)

URL	Tag	Source
https://process.honeywell.com

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Honeywell Search vendor "Honeywell"		Experion Server Search vendor "Honeywell" for product "Experion Server"				>= 520.2 <= 520.2 TCU4 Search vendor "Honeywell" for product "Experion Server" and version " >= 520.2 <= 520.2 TCU4"		en		Affected
Honeywell Search vendor "Honeywell"		Experion Server Search vendor "Honeywell" for product "Experion Server"				>= 510.1 <= 510.2 HF13 Search vendor "Honeywell" for product "Experion Server" and version " >= 510.1 <= 510.2 HF13"		en		Affected
Honeywell Search vendor "Honeywell"		Experion Server Search vendor "Honeywell" for product "Experion Server"				>= 520.1 <= 520.1 TCU4 Search vendor "Honeywell" for product "Experion Server" and version " >= 520.1 <= 520.1 TCU4"		en		Affected
Honeywell Search vendor "Honeywell"		Experion Server Search vendor "Honeywell" for product "Experion Server"				>= 511.1 <= 511.5 TCU4 HF3 Search vendor "Honeywell" for product "Experion Server" and version " >= 511.1 <= 511.5 TCU4 HF3"		en		Affected
Honeywell Search vendor "Honeywell"		Experion Server Search vendor "Honeywell" for product "Experion Server"				>= 520.2 <= 520.2 TCU4 Search vendor "Honeywell" for product "Experion Server" and version " >= 520.2 <= 520.2 TCU4"		en		Affected
Honeywell Search vendor "Honeywell"		Experion Server Search vendor "Honeywell" for product "Experion Server"				>= 511.1 <= 511.5 TCU4 HF3 Search vendor "Honeywell" for product "Experion Server" and version " >= 511.1 <= 511.5 TCU4 HF3"		en		Affected
Honeywell Search vendor "Honeywell"		Experion Server Search vendor "Honeywell" for product "Experion Server"				>= 520.1 <= 520.1 TCU4 Search vendor "Honeywell" for product "Experion Server" and version " >= 520.1 <= 520.1 TCU4"		en		Affected
Honeywell Search vendor "Honeywell"		Experion Server Search vendor "Honeywell" for product "Experion Server"				>= 520.2 <= 520.2 TCU4 Search vendor "Honeywell" for product "Experion Server" and version " >= 520.2 <= 520.2 TCU4"		en		Affected
Honeywell Search vendor "Honeywell"		Experion Server Search vendor "Honeywell" for product "Experion Server"				>= 520.1 <= 520.1 TCU4 Search vendor "Honeywell" for product "Experion Server" and version " >= 520.1 <= 520.1 TCU4"		en		Affected
Honeywell Search vendor "Honeywell"		Experion Server Search vendor "Honeywell" for product "Experion Server"				<= 511.5 TCU4 HF3 Search vendor "Honeywell" for product "Experion Server" and version " <= 511.5 TCU4 HF3"		en		Affected