7.4
CVE-2023-5393
- EPSS 1.15%
- Veröffentlicht 11.04.2024 20:15:10
- Zuletzt bearbeitet 15.04.2026 00:35:42
- Quelle psirt@honeywell.com
- CVE-Watchlists
- Unerledigt
Server receiving a malformed message that causes a disconnect to a hostname may causing a stack overflow resulting in possible remote code execution. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerHoneywell
≫
Produkt
Experion Server
Default Statusunaffected
Version
520.2
Version <
520.2 TCU4
Status
unaffected
Version
510.1
Version <
510.2 HF13
Status
unaffected
Version
520.1
Version <
520.1 TCU4
Status
unaffected
Version
511.1
Version <
511.5 TCU4 HF3
Status
unaffected
HerstellerHoneywell
≫
Produkt
Experion Server
Default Statusunaffected
Version <=
520.2 TCU4
Version
520.2
Status
affected
Version <=
511.5 TCU4 HF3
Version
511.1
Status
affected
Version <=
520.1 TCU4
Version
520.1
Status
affected
HerstellerHoneywell
≫
Produkt
Experion Server
Default Statusunaffected
Version <=
520.2 TCU4
Version
520.2
Status
affected
Version <=
520.1 TCU4
Version
520.1
Status
affected
Version <=
511.5 TCU4 HF3
Version
520.2 TCU4 HFR2
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.15% | 0.779 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@honeywell.com | 7.4 | 2.2 | 5.2 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
|
CWE-130 Improper Handling of Length Parameter Inconsistency
The product parses a formatted message or structure, but it does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data.