CVE-2023-25770

Summary

Controller DoS may occur due to buffer overflow when an error is generated in response to a specially crafted message. See Honeywell Security Notification for recommendations on upgrading and versioning.

Affected Software

VendorProductVersion RangeStatus
HoneywellC300501.1 <= 501.6HF8affected
HoneywellC300510.1 <= 510.2HF12affected
HoneywellC300511.1 <= 511.5TCU3affected
HoneywellC300520.1 <= 520.1TCU4affected
HoneywellC300520.2 <= 520.2TCU2affected
HoneywellC300510.1 <= 511.5TCU3affected
HoneywellC300520.1 <= 520.1TCU4affected
HoneywellC300520.2 <= 520.2TCU2affected

Weaknesses

  • CWE-502: CWE-502 Deserialization of Untrusted Data

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

CVE Program Container

Additional References

References