CVE-2023-26597

Summary

Controller DoS due to buffer overflow in the handling of a specially crafted message received by the controller. See Honeywell Security Notification for recommendations on upgrading and versioning. See Honeywell Security Notification for recommendations on upgrading and versioning.

Affected Software

VendorProductVersion RangeStatus
HoneywellC300501.1 <= 501.6HF8affected
HoneywellC300510.1 <= 510.2HF12affected
HoneywellC300511.1 <= 511.5TCU3affected
HoneywellC300520.1 <= 520.1TCU4affected
HoneywellC300520.2 <= 520.2TCU2affected
HoneywellC300510.1 <= 511.5TCU3affected
HoneywellC300520.1 <= 520.1TCU4affected
HoneywellC300520.2 <= 520.2TCU2affected

Weaknesses

  • CWE-400: CWE-400 Uncontrolled Resource Consumption

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References