CVE-2023-26597
13.07.2023, 12:15
Controller DoS due to buffer overflow in the handling of a specially crafted message received by the controller.See Honeywell Security Notification for recommendations on upgrading and versioning.See Honeywell Security Notification for recommendations on upgrading and versioning.Enginsight
| Vendor | Product | Version |
|---|---|---|
| honeywell | c300_firmware | 501.1 ≤ 𝑥 ≤ 501.6hf8 |
| honeywell | c300_firmware | 510.1 ≤ 𝑥 ≤ 510.2hf12 |
| honeywell | c300_firmware | 511.1 ≤ 𝑥 ≤ 511.5tcu3 |
| honeywell | c300_firmware | 520.1 ≤ 𝑥 ≤ 520.1tcu4 |
| honeywell | c300_firmware | 520.2 ≤ 𝑥 ≤ 520.2tcu2 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-400 - Uncontrolled Resource ConsumptionThe software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
- CWE-787 - Out-of-bounds WriteThe software writes data past the end, or before the beginning, of the intended buffer.