Honeywell C300_firmware
7 CVEs affecting Honeywell C300_firmware. Latest disclosed: 2023-07-13. Critical: 5, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2021-38397 | Critical | 10.0 | 2022-10-28 | Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to unrestricted file uploads, which may allow an attacker to remotely execute arbi… |
| CVE-2023-25770 | Critical | 9.8 | 2023-07-13 | Controller DoS may occur due to buffer overflow when an error is generated in response to a specially crafted message. See Honeywell Security Notification for… |
| CVE-2023-25178 | Critical | 9.8 | 2023-07-13 | Controller may be loaded with malicious firmware which could enable remote code execution. See Honeywell Security Notification for recommendations on upgrading… |
| CVE-2023-24480 | Critical | 9.8 | 2023-07-13 | Controller DoS due to stack overflow when decoding a message from the server. See Honeywell Security Notification for recommendations on upgrading and versio… |
| CVE-2021-38395 | Critical | 9.1 | 2022-10-28 | Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to improper neutralization of special elements in output, which may allow an attac… |
| CVE-2023-26597 | High | 7.5 | 2023-07-13 | Controller DoS due to buffer overflow in the handling of a specially crafted message received by the controller. See Honeywell Security Notification for recomm… |
| CVE-2021-38399 | High | 7.5 | 2022-10-28 | Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to relative path traversal, which may allow an attacker access to unauthorized fil… |