CVE-2023-5392

Summary

C300 information leak due to an analysis feature which allows extracting more memory over the network than required by the function. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning.

Affected Software

VendorProductVersion RangeStatus
HoneywellC300520.2 <= 520.2 TCU4affected
HoneywellC300510.1 <= 510.2 HF13affected
HoneywellC300520.1 <= 520.1 TCU4affected
HoneywellC300511.1 <= 511.5 TCU4 HF3affected
HoneywellC300520.2 <= 520.2 TCU4affected
HoneywellC300511.1 <= 511.5 TCU4 HF3affected
HoneywellC300520.1 <= 520.1 TCU4affected
HoneywellC300520.2 <= 520.2 TCU4affected
HoneywellC300520.1 <= 520.1 TCU4affected
HoneywellC300520.2 TCU4 HFR2 <= 511.5 TCU4 HF3affected

Weaknesses

  • CWE-1295: CWE-1295

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

CVE Program Container

Additional References

References