← Back

CVE-2021-38395

nvd nist
Published: Oct 28, 2022Modified: Nov 21, 2024

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to improper neutralization of special elements in output, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition.

Affected (4)

Honeywell
4 products
C200 Firmware
C200e Firmware
C300 Firmware
Application Control Environment Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
C200 Firmware
All versions
Running on/withPlatform Versions
Honeywell
C200
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
C200e Firmware
All versions
Running on/withPlatform Versions
Honeywell
C200e
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
C300 Firmware
All versions
Running on/withPlatform Versions
Honeywell
C300
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Application Control Environment Firmware
All versions
Running on/withPlatform Versions
Honeywell
Application Control Environment
All versions

Related CWEs

CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

References (4)

Source: ics-cert@hq.dhs.gov
MitigationThird Party AdvisoryUS Government Resource
Source: ics-cert@hq.dhs.gov
Product
Source: af854a3a-2127-422b-91ae-364da2661108
MitigationThird Party AdvisoryUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Product

Timeline

No history available yet.