CVE-2023-23585

Experion server DoS due to heap overflow occurring during the handling of a specially crafted message for a specific configuration operation.

See Honeywell Security Notification for recommendations on upgrading and versioning.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
HoneywellCNA
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 22%
VendorProductVersion
honeywellexperion_server
501.1 ≤
𝑥
≤ 501.6hf8
honeywellexperion_server
510.1 ≤
𝑥
≤ 510.2hf12
honeywellexperion_server
511.1 ≤
𝑥
≤ 511.5tcu3
honeywellexperion_server
520.1 ≤
𝑥
≤ 520.1tcu4
honeywellexperion_server
520.2 ≤
𝑥
≤ 520.2tcu2
honeywellexperion_station
501.1 ≤
𝑥
≤ 501.6hf8
honeywellexperion_station
510.1 ≤
𝑥
≤ 510.2hf12
honeywellexperion_station
511.1 ≤
𝑥
≤ 511.5tcu3
honeywellexperion_station
520.1 ≤
𝑥
≤ 520.1tcu4
honeywellexperion_station
520.2 ≤
𝑥
≤ 520.2tcu2
honeywellengineering_station
510.1 ≤
𝑥
≤ 511.5tcu3
honeywellengineering_station
520.1 ≤
𝑥
≤ 520.1tcu4
honeywellengineering_station
520.2 ≤
𝑥
≤ 520.2tcu2
honeywelldirect_station
510.1 ≤
𝑥
≤ 511.5tcu3
honeywelldirect_station
520.1 ≤
𝑥
≤ 520.1tcu4
honeywelldirect_station
520.2 ≤
𝑥
≤ 520.2tcu2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://process.honeywell.com
https://process.honeywell.com