CVE-2023-5394

A server that receives a malformed message in which the GCL message hostname is too large may suffer a stack overflow, resulting in possible remote code execution. Honeywell recommends updating to the most recent version of the product. See the Honeywell Security Notification for recommendations on upgrading and versioning.

| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 7.4 HIGH | NETWORK | HIGH | NONE | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H |
| Honeywell | CNA | 7.4 HIGH | NETWORK | HIGH | NONE | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H |
| CVE | ADP | --- | | | | --- |
| CISA-ADP | ADP | --- | | | | --- |

Base Score: CVSS 3.x
EPSS Score: Percentile: 78%

| Vendor | Product | Version |
|---|---|---|
| honeywell | experion_process_knowledge_system | 520.2 TCU4 ≤ 𝑥 ≤ 520.2 TCU4 |
| honeywell | experion_process_knowledge_system | 510.2 HF13 ≤ 𝑥 ≤ 510.2 HF13 |
| honeywell | experion_process_knowledge_system | 520.1 TCU4 ≤ 𝑥 ≤ 520.1 TCU4 |
| honeywell | experion_process_knowledge_system | 511.5 TCU4 HF3 ≤ 𝑥 ≤ 511.5 TCU4 HF3 |
| honeywell | experion_lx | 520.2 TCU4 ≤ 𝑥 ≤ 520.2 TCU4 |
| honeywell | experion_lx | 511.5 TCU4 HF3 ≤ 𝑥 ≤ 511.5 TCU4 HF3 |
| honeywell | experion_lx | 520.1 TCU4 ≤ 𝑥 ≤ 520.1 TCU4 |
| honeywell | plantcruise | 520.2 TCU4 ≤ 𝑥 ≤ 520.2 TCU4 |
| honeywell | plantcruise | 520.1 TCU4 ≤ 𝑥 ≤ 520.1 TCU4 |

𝑥 = Vulnerable software versions