Remote Code Execution Vulnerability in Honeywell Saia PG5 Controls Suite Due to CAB File Parsing Directory Traversal
CVE-2023-51603

8.8HIGH

Key Information:

Vendor

Honeywell

Vendor
CVE Published:
3 May 2024

What is CVE-2023-51603?

A vulnerability exists in the Honeywell Saia PG5 Controls Suite due to improper validation of user-supplied paths when parsing CAB files. As a result, attackers can exploit this flaw to execute arbitrary code, provided that the victim interacts with a malicious page or file. Successful exploitation can compromise the current user's environment, posing significant risks to affected installations.

Affected Version(s)

Saia PG5 Controls Suite PG5 v2.3.193

References

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

.