HIGH🇬🇧 English

CVE-2023-26597

CVSS 7.5v3.1pub. 2023-07-13upd. 2024-11-21

Controller DoS due to buffer overflow in the handling of a specially crafted message received by the controller. See Honeywell Security Notification for recommendations on upgrading and versioning. See Honeywell Security Notification for recommendations on upgrading and versioning.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Honeywell C300

    HW
    Honeywell
    wszystkie wersje
  • Honeywell C300 Firmware

    OS
    Honeywell
    501.1 – 501.6hf8510.1 – 510.2hf12511.1 – 511.5tcu3520.1 – 520.1tcu4520.2 – 520.2tcu2
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Memory
CWE
Referencje

Powiązane podatności

CVE-2023-24480CRITICAL9.8ten sam produkt

Controller DoS due to stack overflow when decoding a message from the server.  See Honeywell Security Notific...

CVE-2023-25178CRITICAL9.8ten sam produkt

Controller may be loaded with malicious firmware which could enable remote code execution. See Honeywell Secur...

CVE-2023-25770CRITICAL9.8ten sam produkt

Controller DoS may occur due to buffer overflow when an error is generated in response to a specially crafted ...

CVE-2021-38395CRITICAL9.1ten sam produkt

Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to improper neutralization of spe...

CVE-2021-38397CRITICAL10.0ten sam produkt

Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to unrestricted file uploads, whi...