Honeywell Security Notification: Upgrade and Versioning Recommendations for Server Hostname Translation to IP Address Manipulation Vulnerability
CVE-2023-5403

8.1HIGH

Key Information:

Vendor: Honeywell
Status: Experion Server
Vendor: CVE Published:; 17 April 2024

What is CVE-2023-5403?

A vulnerability has been identified in Honeywell products that allows for the manipulation of server hostname translations to IP addresses. Exploitation of this vulnerability can enable an attacker to execute arbitrary code remotely or trigger a service failure. It is critical for users to review the impacted versions of Honeywell products and apply recommended security patches and updates to mitigate the risks. For more information on securing your systems, reference the security notifications provided by Honeywell.

Affected Version(s)

Experion Server Experion LX 520.2 <= 520.2 TCU4

Experion Server Experion LX 511.1 <= 511.5 TCU4 HF3

Experion Server Experion LX 520.1 <= 520.1 TCU4

References

https://process.honeywell.com

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 17, 2024
Vulnerability Reserved
Oct 4, 2023