Lucene search

[email protected]CVE-2021-38395

HistoryOct 28, 2022 - 2:15 a.m.

CVE-2021-38395

2022-10-2802:15:16

CWE-74

[email protected]

web.nvd.nist.gov

honeywell

experion

pks

controllers

cve-2021-38395

rce

vulnerability

nvd

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.8%

JSON

Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to improper neutralization of special elements in output, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition.

Affected configurations

NVD

Node

honeywellc200_firmwareMatch-

AND

honeywellc200Match-

Node

honeywellc200e_firmwareMatch-

AND

honeywellc200eMatch-

Node

honeywellc300_firmwareMatch-

AND

honeywellc300Match-

Node

honeywellapplication_control_environment_firmwareMatch-

AND

honeywellapplication_control_environmentMatch-

CPENameOperatorVersion
honeywell:c200_firmwarehoneywell c200 firmwareeq-

CPE	Name	Operator	Version
honeywell:c200_firmware	honeywell c200 firmware	eq	-

CNA Affected

[
  {
    "vendor": "Honeywell",
    "product": "Experion PKS",
    "versions": [
      {
        "version": "C200",
        "status": "affected"
      },
      {
        "version": "C200E",
        "status": "affected"
      },
      {
        "version": "C300",
        "status": "affected"
      },
      {
        "version": "ACE controllers",
        "status": "affected"
      }
    ]
  }
]