CVE-2023-5878

Summary

Honeywell OneWireless

Wireless Device Manager (WDM) for the following versions R310.x, R320.x, R321.x, R322.1, R322.2, R323.x, R330.1 contains a command injection vulnerability. An attacker who is authenticated could use the firmware update process to potentially exploit the vulnerability, leading to a command injection. Honeywell recommends updating to

R322.3, R330.2 or the most recent version of this product2.

Affected Software

VendorProductVersion RangeStatus
HoneywellOneWireless Network Wireless Device Manager310.1 <= 322.2affected
HoneywellOneWireless Network Wireless Device Manager323.1 <= 330.1affected

Weaknesses

  • CWE-77: CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References