Honeywell Experion PKS and ACE Controllers Injection
CVE-2021-38395
9.1 CRITICAL
What is CVE-2021-38395?
Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to improper neutralization of special elements in output, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition.
Affected Version(s)
Experion PKS C200
Experion PKS C200E
Experion PKS C300
References
CVSS V3.1
Score: 9.1
Severity: CRITICAL
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Rei Henigman and Nadav Erez of Claroty reported these vulnerabilities to CISA.