9.8
CVE-2023-25178
- EPSS 0.89%
- Veröffentlicht 13.07.2023 11:15:09
- Zuletzt bearbeitet 21.11.2024 07:49:15
- Quelle psirt@honeywell.com
- Teams Watchlist Login
- Unerledigt Login
Controller may be loaded with malicious firmware which could enable remote code execution. See Honeywell Security Notification for recommendations on upgrading and versioning.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Honeywell ≫ C300 Firmware Version >= 501.1 <= 501.6hf8
Honeywell ≫ C300 Firmware Version >= 510.1 <= 510.2hf12
Honeywell ≫ C300 Firmware Version >= 511.1 <= 511.5tcu3
Honeywell ≫ C300 Firmware Version >= 520.1 <= 520.1tcu4
Honeywell ≫ C300 Firmware Version >= 520.2 <= 520.2tcu2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.89% | 0.746 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| psirt@honeywell.com | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-345 Insufficient Verification of Data Authenticity
The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.