CVE-2023-22435

Published: Jul 13, 2023Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Experion server may experience a DoS due to a stack overflow when handling a specially crafted message.

Affected (16)

Products: Honeywell: Experion Server, Experion Station, Engineering Station, Direct Station

4 products

Experion Server

Experion Station

Engineering Station

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Honeywell Experion Server	From 501.1 to 501.6hf8
Honeywell Experion Server	From 510.1 to 510.2hf12
Honeywell Experion Server	From 511.1 to 511.5tcu3
Honeywell Experion Server	From 520.1 to 520.1tcu4
Honeywell Experion Server	From 520.2 to 520.2tcu2

Configuration B

5 vulnerable

Vulnerable Software	Affected Versions
Honeywell Experion Station	From 501.1 to 501.6hf8
Honeywell Experion Station	From 510.1 to 510.2hf12
Honeywell Experion Station	From 511.1 to 511.5tcu3
Honeywell Experion Station	From 520.1 to 520.1tcu4
Honeywell Experion Station	From 520.2 to 520.2tcu2

Configuration C

3 vulnerable

Vulnerable Software	Affected Versions
Honeywell Engineering Station	From 510.1 to 511.5tcu3
Honeywell Engineering Station	From 520.1 to 520.1tcu4
Honeywell Engineering Station	From 520.2 to 520.2tcu2

Configuration D

3 vulnerable

Vulnerable Software	Affected Versions
Honeywell Direct Station	From 510.1 to 511.5tcu3
Honeywell Direct Station	From 520.1 to 520.1tcu4
Honeywell Direct Station	From 520.2 to 520.2tcu2

Related CWEs

Incorrect Comparison

The product compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses.

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (2)

https://process.honeywell.com

Source: psirt@honeywell.com

Product

https://process.honeywell.com

Source: af854a3a-2127-422b-91ae-364da2661108

Product

Timeline

No history available yet.