CVE-2023-5394

EUVD-2023-57709
Server receiving a malformed message that where the GCL message hostname may be too large which may cause a stack overflow; resulting in possible remote code execution. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.4 HIGH
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
honeywellexperion_process_knowledge_system
520.2 ≤
𝑥
≤ 520.2 TCU4
ADP
honeywellexperion_process_knowledge_system
510.1 ≤
𝑥
≤ 510.2 HF13
ADP
honeywellexperion_process_knowledge_system
520.1 ≤
𝑥
≤ 520.1 TCU4
ADP
honeywellexperion_process_knowledge_system
511.1 ≤
𝑥
≤ 511.5 TCU4 HF3
ADP
honeywellexperion_lx
520.2 ≤
𝑥
≤ 520.2 TCU4
ADP
honeywellexperion_lx
511.1 ≤
𝑥
≤ 511.5 TCU4 HF3
ADP
honeywellexperion_lx
520.1 ≤
𝑥
≤ 520.1 TCU4
ADP
honeywellplantcruise
520.2 ≤
𝑥
≤ 520.2 TCU4
ADP
honeywellplantcruise
520.1 ≤
𝑥
≤ 520.1 TCU4
ADP
honeywellplantcruise
520.2 TCU4 HFR2 ≤
𝑥
≤ 511.5 TCU4 HF3
ADP
Common Weakness Enumeration
References
https://process.honeywell.com
https://process.honeywell.com