Malformed Messages Can Cause Pointer Overwrite and Remote Code Execution
CVE-2023-5404

8.1 HIGH

Key Information:

Vendor: Honeywell
CVE Published: 17 April 2024

What is CVE-2023-5404?

A vulnerability exists in Honeywell Industrial Control Systems where the server's response to a malformed message can lead to pointer overwriting. This flaw potentially enables attackers to execute arbitrary code remotely or cause system failures. Honeywell has issued security recommendations for affected products, emphasizing the importance of updating to secure versions to mitigate associated risks.

Affected Version(s)

Experion Server Experion LX 520.2

Experion Server Experion LX 511.1

Experion Server Experion LX 520.1

CVSS V3.1

Score: 8.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
