7.4

CVE-2023-5394

Server receiving a malformed message that where the GCL message hostname may be too large which may cause a stack overflow; resulting in possible remote code execution. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning.

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung.
Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
Herstellerhoneywell
Produkt experion_process_knowledge_system
Default Statusunaffected
Version <= 520.2 TCU4
Version 520.2
Status affected
Version <= 510.2 HF13
Version 510.1
Status affected
Version <= 520.1 TCU4
Version 520.1
Status affected
Version <= 511.5 TCU4 HF3
Version 511.1
Status affected
Herstellerhoneywell
Produkt experion_lx
Default Statusunaffected
Version <= 520.2 TCU4
Version 520.2
Status affected
Version <= 511.5 TCU4 HF3
Version 511.1
Status affected
Version <= 520.1 TCU4
Version 520.1
Status affected
Herstellerhoneywell
Produkt plantcruise
Default Statusunaffected
Version <= 520.2 TCU4
Version 520.2
Status affected
Version <= 520.1 TCU4
Version 520.1
Status affected
Version <= 511.5 TCU4 HF3
Version 520.2 TCU4 HFR2
Status affected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.85% 0.741
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
psirt@honeywell.com 7.4 2.2 5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.