CVE-2023-26597

Published: Jul 13, 2023Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Controller DoS due to buffer overflow in the handling of a specially crafted message received by the controller. See Honeywell Security Notification for recommendations on upgrading and versioning. See Honeywell Security Notification for recommendations on upgrading and versioning.

Affected (5)

Products: Honeywell: C300 Firmware

Honeywell

1 product

C300 Firmware

Configuration A

5 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell C300 Firmware	From 501.1 to 501.6hf8
Honeywell C300 Firmware	From 510.1 to 510.2hf12
Honeywell C300 Firmware	From 511.1 to 511.5tcu3
Honeywell C300 Firmware	From 520.1 to 520.1tcu4
Honeywell C300 Firmware	From 520.2 to 520.2tcu2

Running on/with	Platform Versions
Honeywell C300	All versions

Related CWEs

CWE-400

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (2)

https://process.honeywell.com

Source: psirt@honeywell.com

Product

https://process.honeywell.com

Source: af854a3a-2127-422b-91ae-364da2661108

Product

Timeline

No history available yet.