CVE-2023-25948
13.07.2023, 12:15
Server information leak of configuration data when an error is generated in response to a specially crafted message.See Honeywell Security Notification for recommendations on upgrading and versioning.Enginsight
| Vendor | Product | Version |
|---|---|---|
| honeywell | experion_server | 501.1 ≤ 𝑥 ≤ 501.6hf8 |
| honeywell | experion_server | 510.1 ≤ 𝑥 ≤ 510.2hf12 |
| honeywell | experion_server | 511.1 ≤ 𝑥 ≤ 511.5tcu3 |
| honeywell | experion_server | 520.1 ≤ 𝑥 ≤ 520.1tcu4 |
| honeywell | experion_server | 520.2 ≤ 𝑥 ≤ 520.2tcu2 |
| honeywell | experion_station | 501.1 ≤ 𝑥 ≤ 501.6hf8 |
| honeywell | experion_station | 510.1 ≤ 𝑥 ≤ 510.2hf12 |
| honeywell | experion_station | 511.1 ≤ 𝑥 ≤ 511.5tcu3 |
| honeywell | experion_station | 520.1 ≤ 𝑥 ≤ 520.1tcu4 |
| honeywell | experion_station | 520.2 ≤ 𝑥 ≤ 520.2tcu2 |
| honeywell | engineering_station | 510.1 ≤ 𝑥 ≤ 511.tcu3 |
| honeywell | engineering_station | 520.1 ≤ 𝑥 ≤ 520.1tcu4 |
| honeywell | engineering_station | 520.2 ≤ 𝑥 ≤ 520.2tcu2 |
| honeywell | direct_station | 510.1 ≤ 𝑥 ≤ 511.tcu3 |
| honeywell | direct_station | 520.1 ≤ 𝑥 ≤ 520.1tcu4 |
| honeywell | direct_station | 520.2 ≤ 𝑥 ≤ 520.2tcu2 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-394 - Unexpected Status Code or Return ValueThe software does not properly check when a function or operation returns a value that is legitimate for the function, but is not expected by the software.
- CWE-209 - Generation of Error Message Containing Sensitive InformationThe software generates an error message that includes sensitive information about its environment, users, or associated data.