CVE-2023-5398

Summary

Server receiving a malformed message based on a list of IPs resulting in heap corruption causing a denial of service. See Honeywell Security Notification for recommendations on upgrading and versioning.

Affected Software

VendorProductVersion RangeStatus
HoneywellExperion Server520.2 <= 520.2 TCU4affected
HoneywellExperion Server510.1 <= 510.2 HF13affected
HoneywellExperion Server520.1 <= 520.1 TCU4affected
HoneywellExperion Server511.1 <= 511.5 TCU4 HF3affected
HoneywellExperion Server520.2 <= 520.2 TCU4affected
HoneywellExperion Server511.1 <= 511.5 TCU4 HF3affected
HoneywellExperion Server520.1 <= 520.1 TCU4affected
HoneywellExperion Server520.2 <= 520.2 TCU4affected
HoneywellExperion Server520.1 <= 520.1 TCU4affected
HoneywellExperion Server520.2 TCU4 HFR2 <= 511.5 TCU4 HF3affected

Weaknesses

  • CWE-1327: CWE-1327

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References