CVE-2023-25178

Summary

Controller may be loaded with malicious firmware which could enable remote code execution. See Honeywell Security Notification for recommendations on upgrading and versioning.

Affected Software

VendorProductVersion RangeStatus
HoneywellC300501.1 <= 501.6HF8affected
HoneywellC300510.1 <= 510.2HF12affected
HoneywellC300511.1 <= 511.5TCU3affected
HoneywellC300520.1 <= 520.1TCU4affected
HoneywellC300520.2 <= 520.2TCU2affected
HoneywellC300510.1 <= 511.5TCU3affected
HoneywellC300520.1 <= 520.1TCU4affected
HoneywellC300520.2 <= 520.2TCU2affected

Weaknesses

  • CWE-345: CWE-345 Insufficient Verification of Data Authenticity

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References