Honeywell Experion Server
17 CVEs affecting Honeywell Experion Server. Latest disclosed: 2024-04-17. Critical: 2, High: 12.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-25078 | Critical | 9.8 | 2023-07-13 | Server or Console Station DoS due to heap overflow occurring during the handling of a specially crafted message for a specific configuration operation. See H… |
| CVE-2023-23585 | Critical | 9.8 | 2023-07-13 | Experion server DoS due to heap overflow occurring during the handling of a specially crafted message for a specific configuration operation. See Honeywell S… |
| CVE-2023-5404 | High | 8.1 | 2024-04-17 | Server receiving a malformed message can cause a pointer to be overwritten which can result in a remote code execution or failure. See Honeywell Security Notif… |
| CVE-2023-5403 | High | 8.1 | 2024-04-17 | Server hostname translation to IP address manipulation which could lead to an attacker performing remote code execution or causing a failure. See Honeywell Se… |
| CVE-2023-5401 | High | 8.1 | 2024-04-17 | Server receiving a malformed message based on using the specified key values can cause a stack overflow vulnerability which could lead to an attacker perform… |
| CVE-2023-5400 | High | 8.1 | 2024-04-17 | Server receiving a malformed message based on using the specified key values can cause a heap overflow vulnerability which could lead to an attacker performi… |
| CVE-2023-5397 | High | 8.1 | 2024-04-17 | Server receiving a malformed message to create a new connection could lead to an attacker performing remote code execution or causing a failure. See Honeywell… |
| CVE-2023-5395 | High | 8.1 | 2024-04-17 | Server receiving a malformed message that uses the hostname in an internal table may cause a stack overflow resulting in possible remote code execution. See Ho… |
| CVE-2023-25948 | High | 7.5 | 2023-07-13 | Server information leak of configuration data when an error is generated in response to a specially crafted message. See Honeywell Security Notification for re… |
| CVE-2023-24474 | High | 7.5 | 2023-07-13 | Experion server may experience a DoS due to a heap overflow which could occur when handling a specially crafted message. |
| CVE-2023-22435 | High | 7.5 | 2023-07-13 | Experion server may experience a DoS due to a stack overflow when handling a specially crafted message. |
| CVE-2023-5396 | High | 7.4 | 2024-04-17 | Server receiving a malformed message creates connection for a hostname that may cause a stack overflow resulting in possible remote code execution. See Honeywe… |
| CVE-2023-5394 | High | 7.4 | 2024-04-11 | Server receiving a malformed message where the GCL message hostname may be too large, which may cause a stack overflow, resulting in possible remote code e… |
| CVE-2023-5393 | High | 7.4 | 2024-04-11 | Server receiving a malformed message that causes a disconnect to a hostname may cause a stack overflow resulting in possible remote code execution. Honeywell… |
| CVE-2023-5406 | Medium | 5.9 | 2024-04-17 | Server communication with a controller can lead to remote code execution using a specially crafted message from the controller. See Honeywell Security Notifica… |
| CVE-2023-5405 | Medium | 5.9 | 2024-04-17 | Server information leak for the CDA Server process memory can occur when an error is generated in response to a specially crafted message. See Honeywell Securi… |
| CVE-2023-5398 | Medium | 5.9 | 2024-04-17 | Server receiving a malformed message based on a list of IPs resulting in heap corruption causing a denial of service. See Honeywell Security Notification for r… |