CVE-2023-5396

Summary

Server receiving a malformed message creates connection for a hostname that may cause a stack overflow resulting in possible remote code execution. See Honeywell Security Notification for recommendations on upgrading and versioning.

Affected Software

VendorProductVersion RangeStatus
HoneywellExperion Server520.2 <= 520.2 TCU4affected
HoneywellExperion Server510.1 <= 510.2 HF13affected
HoneywellExperion Server520.1 <= 520.1 TCU4affected
HoneywellExperion Server511.1 <= 511.5 TCU4 HF3affected
HoneywellExperion Server520.2 <= 520.2 TCU4affected
HoneywellExperion Server511.1 <= 511.5 TCU4 HF3affected
HoneywellExperion Server520.1 <= 520.1 TCU4affected
HoneywellExperion Server520.2 <= 520.2 TCU4affected
HoneywellExperion Server520.1 <= 520.1 TCU4affected
HoneywellExperion Server520.2 TCU4 HFR2 <= 511.5 TCU4 HF3affected

Weaknesses

  • CWE-805: CWE-805

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References