CVE-2023-5392

C300 information leak due to an analysis feature which allows extracting more memory over the network than required by the function.Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
HoneywellCNA
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA-ADPADP
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 19%
VendorProductVersion
honeywellc300
510.2_hf13 ≤
𝑥
≤ 510.2_hf13
honeywellc300
511.5_tcu4_hf3 ≤
𝑥
≤ 511.5_tcu4_hf3
honeywellc300
520.1_tcu4 ≤
𝑥
≤ 520.1_tcu4
honeywellc300
520.2_tcu4 ≤
𝑥
≤ 520.2_tcu4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://process.honeywell.com
https://process.honeywell.com