CVE-2023-24480

Summary

Controller DoS due to stack overflow when decoding a message from the server. 

See Honeywell Security Notification for recommendations on upgrading and versioning.

Affected Software

VendorProductVersion RangeStatus
HoneywellC300501.1 <= 501.6HF8affected
HoneywellC300510.1 <= 510.2HF12affected
HoneywellC300511.1 <= 511.5TCU3affected
HoneywellC300520.1 <= 520.1TCU4affected
HoneywellC300520.2 <= 520.2TCU2affected
HoneywellC300510.1 <= 511.5TCU3affected
HoneywellC300520.1 <= 520.1TCU4affected
HoneywellC300520.2 <= 520.2TCU2affected

Weaknesses

  • CWE-116: CWE-116 Improper Encoding or Escaping of Output

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References