← Back

CVE-2023-25948

nvd nist
Published: Jul 13, 2023Modified: Nov 21, 2024

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

Server information leak of configuration data when an error is generated in response to a specially crafted message. See Honeywell Security Notification for recommendations on upgrading and versioning.

Affected (16)

Honeywell
4 products
Experion Server
Experion Station
Engineering Station
Direct Station
Configuration A
5 vulnerable
Vulnerable SoftwareAffected Versions
Honeywell
Experion Server
From 501.1 to 501.6hf8
Experion Server
From 510.1 to 510.2hf12
Experion Server
From 511.1 to 511.5tcu3
Experion Server
From 520.1 to 520.1tcu4
Experion Server
From 520.2 to 520.2tcu2
Configuration B
5 vulnerable
Vulnerable SoftwareAffected Versions
Honeywell
Experion Station
From 501.1 to 501.6hf8
Experion Station
From 510.1 to 510.2hf12
Experion Station
From 511.1 to 511.5tcu3
Experion Station
From 520.1 to 520.1tcu4
Experion Station
From 520.2 to 520.2tcu2
Configuration C
3 vulnerable
Vulnerable SoftwareAffected Versions
Honeywell
Engineering Station
From 510.1 to 511.tcu3
Engineering Station
From 520.1 to 520.1tcu4
Engineering Station
From 520.2 to 520.2tcu2
Configuration D
3 vulnerable
Vulnerable SoftwareAffected Versions
Honeywell
Direct Station
From 510.1 to 511.tcu3
Direct Station
From 520.1 to 520.1tcu4
Direct Station
From 520.2 to 520.2tcu2

Related CWEs

CWE-209
Generation of Error Message Containing Sensitive Information
The product generates an error message that includes sensitive information about its environment, users, or associated data.
CWE-394
Unexpected Status Code or Return Value
The product does not properly check when a function or operation returns a value that is legitimate for the function, but is not expected by the product.

References (2)

Source: psirt@honeywell.com
Product
Source: af854a3a-2127-422b-91ae-364da2661108
Product

Timeline

No history available yet.