Server deserialization missing boundary checks - heap overflow in communication between server and controller
CVE-2023-24474

7.5HIGH

Key Information:

Vendor: Honeywell
Status: Experion Server; Experion Station; Engineering Station; Direct Station
Vendor: CVE Published:; 13 July 2023

What is CVE-2023-24474?

The Experion server by Honeywell is vulnerable to a heap overflow issue that can be triggered by processing specially crafted messages. This vulnerability could result in a denial-of-service (DoS), impacting the availability of the system. It is crucial for users of the Experion server to implement necessary security measures to mitigate the risks associated with this vulnerability.

Affected Version(s)

Direct Station Experion LX 510.5 <= 511.5TCU3

Direct Station Experion LX 520.1 <= 520.1TCU4

Direct Station Experion LX 520.2 <= 520.2TCU2

References

https://process.honeywell.com

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 13, 2023
Vulnerability Reserved
Feb 28, 2023