7.4
CVE-2023-5393
- EPSS 1.15%
- Published 11.04.2024 20:15:10
- Last modified 21.11.2024 08:41:40
- Source psirt@honeywell.com
Server receiving a malformed message that causes a disconnect to a hostname may cause a stack overflow resulting in possible remote code execution. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning.
Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
Vendor: Honeywell
Product: Experion Server
Default status: unaffected

Version < | Version | Status |
---|---|---|
520.2 TCU4 | 520.2 | unaffected |
510.2 HF13 | 510.1 | unaffected |
520.1 TCU4 | 520.1 | unaffected |
511.5 TCU4 HF3 | 511.1 | unaffected |

Vendor: Honeywell
Product: Experion Server
Default status: unaffected

Version <= | Version | Status |
---|---|---|
520.2 TCU4 | 520.2 | affected |
511.5 TCU4 HF3 | 511.1 | affected |
520.1 TCU4 | 520.1 | affected |

Vendor: Honeywell
Product: Experion Server
Default status: unaffected

Version <= | Version | Status |
---|---|---|
520.2 TCU4 | 520.2 | affected |
520.1 TCU4 | 520.1 | affected |
511.5 TCU4 HF3 | 520.2 TCU4 HFR2 | affected |

No CISA KEV entry or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 1.15% | 0.776 |

Source | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
psirt@honeywell.com | 7.4 | 2.2 | 5.2 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H |
CWE-130 Improper Handling of Length Parameter Inconsistency
The product parses a formatted message or structure, but it does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data.