CVE-2021-38397

EPSS 0.12%
Veröffentlicht 28.10.2022 02:15:16
Zuletzt bearbeitet 21.11.2024 06:16:59
Quelle ics-cert@hq.dhs.gov
Teams Watchlist Login
Unerledigt Login

Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to unrestricted file uploads, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Honeywell ≫ C200 Firmware Version-

Honeywell ≫ C200 Version-

Honeywell ≫ C200e Firmware Version-

Honeywell ≫ C200e Version-

Honeywell ≫ C300 Firmware Version-

Honeywell ≫ C300 Version-

Honeywell ≫ Application Control Environment Firmware Version-

Honeywell ≫ Application Control Environment Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.12%	0.316

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	10	3.9	6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
ics-cert@hq.dhs.gov	10	3.9	6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

https://www.cisa.gov/uscert/ics/advisories/icsa-21-278-04

Third Party Advisory

US Government Resource

https://www.honeywellprocess.com/library/support/notifications/Customer/SN2021-02-22-01-Experion-C300-CCL.pdf

Product

https://nvd.nist.gov/vuln/detail/CVE-2021-38397

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-38397

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-38397

EUVD