CVE-2023-5404

Summary

Server receiving a malformed message can cause a pointer to be overwritten which can result in a remote code execution or failure. See Honeywell Security Notification for recommendations on upgrading and versioning.

Affected Software

VendorProductVersion RangeStatus
HoneywellExperion Server520.2 <= 520.2 TCU4affected
HoneywellExperion Server510.1 <= 510.2 HF13affected
HoneywellExperion Server520.1 <= 520.1 TCU4affected
HoneywellExperion Server511.1 <= 511.5 TCU4 HF3affected
HoneywellExperion Server520.2 <= 520.2 TCU4affected
HoneywellExperion Server511.1 <= 511.5 TCU4 HF3affected
HoneywellExperion Server520.1 <= 520.1 TCU4affected
HoneywellExperion Server520.2 <= 520.2 TCU4affected
HoneywellExperion Server520.1 <= 520.1 TCU4affected
HoneywellExperion Server520.2 TCU4 HFR2 <= 511.5 TCU4 HF3affected

Weaknesses

  • CWE-122: CWE-122

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References