CVE-2023-5394

Summary

Server receiving a malformed message that where the GCL message hostname may be too large which may cause a stack overflow; resulting in possible remote code execution. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning.

Affected Software

VendorProductVersion RangeStatus
HoneywellExperion Server520.2 <= 520.2 TCU4affected
HoneywellExperion Server510.1 <= 510.2 HF13affected
HoneywellExperion Server520.1 <= 520.1 TCU4affected
HoneywellExperion Server511.1 <= 511.5 TCU4 HF3affected
HoneywellExperion Server520.2 <= 520.2 TCU4affected
HoneywellExperion Server511.1 <= 511.5 TCU4 HF3affected
HoneywellExperion Server520.1 <= 520.1 TCU4affected
HoneywellExperion Server520.2 <= 520.2 TCU4affected
HoneywellExperion Server520.1 <= 520.1 TCU4affected
HoneywellExperion Server520.2 TCU4 HFR2 <= 511.5 TCU4 HF3affected

Weaknesses

  • CWE-119: CWE-119

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References