CVE-2023-5407

Summary

Controller denial of service due to improper handling of a specially crafted message received by the controller.

See Honeywell Security Notification for recommendations on upgrading and versioning.

Affected Software

VendorProductVersion RangeStatus
HoneywellC300520.2 <= 520.2 TCU4affected
HoneywellC300510.1 <= 510.2 HF13affected
HoneywellC300520.1 <= 520.1 TCU4affected
HoneywellC300511.1 <= 511.5 TCU4 HF3affected
HoneywellC300520.2 <= 520.2 TCU4affected
HoneywellC300511.1 <= 511.5 TCU4 HF3affected
HoneywellC300520.1 <= 520.1 TCU4affected
HoneywellC300520.2 <= 520.2 TCU4affected
HoneywellC300520.1 <= 520.1 TCU4affected
HoneywellC300520.2 TCU4 HFR2 <= 511.5 TCU4 HF3affected

Weaknesses

  • CWE-121: CWE-121

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References