Remote Code Execution Vulnerability in Honeywell Saia PG5 Controls Suite
CVE-2023-51599

8.8HIGH

Key Information:

Vendor

Honeywell

Vendor
CVE Published:
3 May 2024

What is CVE-2023-51599?

A vulnerability exists in the Honeywell Saia PG5 Controls Suite that allows remote code execution through directory traversal. This specific flaw arises from improper validation of user-supplied paths during ZIP file parsing. An attacker can exploit this weakness by enticing a user to visit a malicious webpage or open a compromised file. If successful, the attacker is granted the ability to execute arbitrary code in the context of the current user, potentially compromising the affected system's integrity.

Affected Version(s)

Saia PG5 Controls Suite PG5 v2.3.193

References

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

.
CVE-2023-51599 : Remote Code Execution Vulnerability in Honeywell Saia PG5 Controls Suite