Malformed Message May Cause Stack Overflow and Remote Code Execution
CVE-2023-5395

8.1 HIGH

Key Information:

Vendor: Honeywell
CVE Published: 17 April 2024

What is CVE-2023-5395?

A vulnerability exists in Honeywell Process Solutions where the server's handling of malformed messages can result in a stack overflow. This flaw occurs when an attacker sends a crafted message utilizing an internal hostname reference, potentially allowing for remote code execution. Honeywell has advised users to upgrade to the latest versions to mitigate this security risk and enhance protection against such exploitation attempts.

Affected Version(s)

Experion Server Experion LX 520.2

Experion Server Experion LX 511.1

Experion Server Experion LX 520.1

CVSS V3.1

Score: 8.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
