CVE-2021-38399

Summary

Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to relative path traversal, which may allow an attacker access to unauthorized files and directories.

Affected Software

VendorProductVersion RangeStatus
HoneywellExperion PKSC200affected
HoneywellExperion PKSC200Eaffected
HoneywellExperion PKSC300affected
HoneywellExperion PKSACE controllersaffected

Weaknesses

  • CWE-23: CWE-23: Relative Path Traversal

Workarounds

Honeywell recommends users follow all guidance in the Experion Network and Security Planning Guide to prevent attacks by malicious actors.

Additional information can be found in Honeywell Support document SN2021-02-22-01.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References