Lucene search

[email protected]CVE-2021-38397

HistoryOct 28, 2022 - 2:15 a.m.

CVE-2021-38397

2022-10-2802:15:16

CWE-434

[email protected]

web.nvd.nist.gov

cve-2021-38397

honeywell

experion pks

c200

c200e

c300

ace

controllers

vulnerability

unrestricted file upload

remote code execution

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.6%

JSON

Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to unrestricted file uploads, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition.

Affected configurations

NVD

Node

honeywellc200_firmwareMatch-

AND

honeywellc200Match-

Node

honeywellc200e_firmwareMatch-

AND

honeywellc200eMatch-

Node

honeywellc300_firmwareMatch-

AND

honeywellc300Match-

Node

honeywellapplication_control_environment_firmwareMatch-

AND

honeywellapplication_control_environmentMatch-

CPENameOperatorVersion
honeywell:c200_firmwarehoneywell c200 firmwareeq-

CPE	Name	Operator	Version
honeywell:c200_firmware	honeywell c200 firmware	eq	-

CNA Affected

[
  {
    "vendor": "Honeywell",
    "product": "Experion PKS",
    "versions": [
      {
        "version": "C200",
        "status": "affected"
      },
      {
        "version": "C200E",
        "status": "affected"
      },
      {
        "version": "C300",
        "status": "affected"
      },
      {
        "version": "ACE controllers",
        "status": "affected"
      }
    ]
  }
]