CVE-2023-25178

Controller may be loaded with malicious firmware which could enable remote code execution.See Honeywell Security Notification for recommendations on upgrading and versioning.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
HoneywellCNA
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 81%
VendorProductVersion
honeywellc300_firmware
501.1 ≤
𝑥
≤ 501.6hf8
honeywellc300_firmware
510.1 ≤
𝑥
≤ 510.2hf12
honeywellc300_firmware
511.1 ≤
𝑥
≤ 511.5tcu3
honeywellc300_firmware
520.1 ≤
𝑥
≤ 520.1tcu4
honeywellc300_firmware
520.2 ≤
𝑥
≤ 520.2tcu2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://process.honeywell.com
https://process.honeywell.com