CVE-2023-5393

Summary

Server receiving a malformed message that causes a disconnect to a hostname may causing a stack overflow resulting in possible remote code execution. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning.

Affected Software

VendorProductVersion RangeStatus
HoneywellExperion Server520.2 < 520.2 TCU4unaffected
HoneywellExperion Server510.1 < 510.2 HF13unaffected
HoneywellExperion Server520.1 < 520.1 TCU4unaffected
HoneywellExperion Server511.1 < 511.5 TCU4 HF3unaffected
HoneywellExperion Server520.2 <= 520.2 TCU4affected
HoneywellExperion Server511.1 <= 511.5 TCU4 HF3affected
HoneywellExperion Server520.1 <= 520.1 TCU4affected
HoneywellExperion Server520.2 <= 520.2 TCU4affected
HoneywellExperion Server520.1 <= 520.1 TCU4affected
HoneywellExperion Server520.2 TCU4 HFR2 <= 511.5 TCU4 HF3affected

Weaknesses

  • CWE-130: CWE-130

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References