CRITICAL🇬🇧 English

CVE-2023-24480

CVSS 9.8v3.1pub. 2023-07-13upd. 2024-11-21

Controller DoS due to stack overflow when decoding a message from the server.  See Honeywell Security Notification for recommendations on upgrading and versioning.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Honeywell C300

    HW
    Honeywell
    wszystkie wersje
  • Honeywell C300 Firmware

    OS
    Honeywell
    501.1 – 501.6hf8510.1 – 510.2hf12511.1 – 511.5tcu3520.1 – 520.1tcu4520.2 – 520.2tcu2
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2023-25178CRITICAL9.8ten sam produkt

Controller may be loaded with malicious firmware which could enable remote code execution. See Honeywell Secur...

CVE-2023-25770CRITICAL9.8ten sam produkt

Controller DoS may occur due to buffer overflow when an error is generated in response to a specially crafted ...

CVE-2021-38395CRITICAL9.1ten sam produkt

Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to improper neutralization of spe...

CVE-2021-38397CRITICAL10.0ten sam produkt

Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to unrestricted file uploads, whi...

CVE-2023-26597HIGH7.5ten sam produkt

Controller DoS due to buffer overflow in the handling of a specially crafted message received by the controlle...

CVE-2023-24480 — CRITICAL 9.8 | CVEbaza.pl