Heap Overflow Vulnerability in Honeywell Security Notification Could Lead to Remote Code Execution or Failure
CVE-2023-5400

8.1 HIGH

Key Information:

Vendor: Honeywell

CVE Published: 17 April 2024

What is CVE-2023-5400?

A vulnerability exists within certain Honeywell Industrial Control Systems that can be exploited through a malformed message targeting specific key values. This heap overflow condition may permit an unauthorized attacker to execute remote code or create system failures. Organizations utilizing affected versions are urged to review the security notifications issued by Honeywell and apply the necessary upgrades and remediation measures to secure their systems.

Affected Version(s)

Experion Server Experion LX 520.2

Experion Server Experion LX 511.1

Experion Server Experion LX 520.1

CVSS V3.1

Score: 8.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
