CVE-2023-25078

Published: Jul 13, 2023Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Server or Console Station DoS due to heap overflow occurring during the handling of a specially crafted message for a specific configuration operation. See Honeywell Security Notification for recommendations on upgrading and versioning.

Affected (16)

Products: Honeywell: Experion Server, Experion Station, Engineering Station, Direct Station

4 products

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Honeywell Experion Server	From 501.1 to 501.6hf8
Honeywell Experion Server	From 510.1 to 510.2hf12
Honeywell Experion Server	From 511.1 to 511.5tcu3
Honeywell Experion Server	From 520.1 to 520.1tcu4
Honeywell Experion Server	From 520.2 to 520.2tcu2

Configuration B

5 vulnerable

Vulnerable Software	Affected Versions
Honeywell Experion Station	From 501.1 to 501.6hf8
Honeywell Experion Station	From 510.1 to 510.2hf12
Honeywell Experion Station	From 511.1 to 511.5tcu3
Honeywell Experion Station	From 520.1 to 520.1tcu4
Honeywell Experion Station	From 520.2 to 520.2tcu2

Configuration C

3 vulnerable

Vulnerable Software	Affected Versions
Honeywell Engineering Station	From 510.1 to 511.tcu3
Honeywell Engineering Station	From 520.1 to 520.1tcu4
Honeywell Engineering Station	From 520.2 to 520.2tcu2

Configuration D

3 vulnerable

Vulnerable Software	Affected Versions
Honeywell Direct Station	From 510.1 to 511.tcu3
Honeywell Direct Station	From 520.1 to 520.1tcu4
Honeywell Direct Station	From 520.2 to 520.2tcu2

Related CWEs

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (2)

https://process.honeywell.com

Source: psirt@honeywell.com

Product

https://process.honeywell.com

Source: af854a3a-2127-422b-91ae-364da2661108

Product

Timeline

No history available yet.