Honeywell C300_firmware

7 CVEs affecting Honeywell C300_firmware. Latest disclosed: 2023-07-13. Critical: 5, High: 2.

Top CVEs affecting Honeywell C300_firmware
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2021-38397 | Critical | 10.0 | 2022-10-28 | Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to unrestricted file uploads, which may allow an attacker to remotely execute arbi… |
| CVE-2023-25770 | Critical | 9.8 | 2023-07-13 | Controller DoS may occur due to buffer overflow when an error is generated in response to a specially crafted message. See Honeywell Security Notification for… |
| CVE-2023-25178 | Critical | 9.8 | 2023-07-13 | Controller may be loaded with malicious firmware which could enable remote code execution. See Honeywell Security Notification for recommendations on upgrading… |
| CVE-2023-24480 | Critical | 9.8 | 2023-07-13 | Controller DoS due to stack overflow when decoding a message from the server. See Honeywell Security Notification for recommendations on upgrading and versio… |
| CVE-2021-38395 | Critical | 9.1 | 2022-10-28 | Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to improper neutralization of special elements in output, which may allow an attac… |
| CVE-2023-26597 | High | 7.5 | 2023-07-13 | Controller DoS due to buffer overflow in the handling of a specially crafted message received by the controller. See Honeywell Security Notification for recomm… |
| CVE-2021-38399 | High | 7.5 | 2022-10-28 | Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to relative path traversal, which may allow an attacker access to unauthorized fil… |