Remote Code Execution Vulnerability in Honeywell Saia PG5 Controls Suite
CVE-2023-51599

8.8HIGH

Key Information:

Vendor: Honeywell
Status: Saia Pg5 Controls Suite
Vendor: CVE Published:; 3 May 2024

What is CVE-2023-51599?

A vulnerability exists in the Honeywell Saia PG5 Controls Suite that allows remote code execution through directory traversal. This specific flaw arises from improper validation of user-supplied paths during ZIP file parsing. An attacker can exploit this weakness by enticing a user to visit a malicious webpage or open a compromised file. If successful, the attacker is granted the ability to execute arbitrary code in the context of the current user, potentially compromising the affected system's integrity.

Affected Version(s)

Saia PG5 Controls Suite PG5 v2.3.193

References

https://www.zerodayinitiative.com/advisories/ZDI-23-1848/

x_research-advisory

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 3, 2024