Lucene search
HistoryJul 13, 2023 - 12:15 p.m.
CVE-2023-25948
cve-2023-25948
server
information leak
configuration data
error
nvd
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.3 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
40.1%
Server information leak of configuration data when an error is generated in response to a specially crafted message. See Honeywell Security Notification for recommendations on upgrading and versioning.
Affected configurations
Node
honeywellexperion_serverRange501.1–501.6hf8
ORhoneywellexperion_serverRange510.1–510.2hf12
ORhoneywellexperion_serverRange511.1–511.5tcu3
ORhoneywellexperion_serverRange520.1–520.1tcu4
ORhoneywellexperion_serverRange520.2–520.2tcu2
Node
honeywellexperion_stationRange501.1–501.6hf8
ORhoneywellexperion_stationRange510.1–510.2hf12
ORhoneywellexperion_stationRange511.1–511.5tcu3
ORhoneywellexperion_stationRange520.1–520.1tcu4
ORhoneywellexperion_stationRange520.2–520.2tcu2
Node
honeywellengineering_stationRange510.1–511.tcu3
ORhoneywellengineering_stationRange520.1–520.1tcu4
ORhoneywellengineering_stationRange520.2–520.2tcu2
Node
honeywelldirect_stationRange510.1–511.tcu3
ORhoneywelldirect_stationRange520.1–520.1tcu4
ORhoneywelldirect_stationRange520.2–520.2tcu2
CNA Affected
[
{
"defaultStatus": "unaffected",
"platforms": [
"Experion PKS"
],
"product": "Experion Server",
"vendor": "Honeywell",
"versions": [
{
"lessThanOrEqual": "501.6HF8",
"status": "affected",
"version": "501.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "510.2HF12",
"status": "affected",
"version": "510.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "511.5TCU3",
"status": "affected",
"version": "511.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "520.1TCU4",
"status": "affected",
"version": "520.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "520.2TCU2",
"status": "affected",
"version": "520.2",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Experion PKS"
],
"product": "Experion Station",
"vendor": "Honeywell",
"versions": [
{
"lessThanOrEqual": "501.6HF8",
"status": "affected",
"version": "501.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "510.2HF12",
"status": "affected",
"version": "510.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "511.5TCU3",
"status": "affected",
"version": "511.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "520.1TCU4",
"status": "affected",
"version": "520.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "520.2TCU2",
"status": "affected",
"version": "520.2",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Experion LX",
"Experion PlantCruise"
],
"product": "Engineering Station",
"vendor": "Honeywell",
"versions": [
{
"lessThanOrEqual": "511.5TCU3",
"status": "affected",
"version": "510.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "520.1TCU4",
"status": "affected",
"version": "520.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "520.2TCU2",
"status": "affected",
"version": "520.2",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Experion LX",
"Experion PlantCruise"
],
"product": "Direct Station",
"vendor": "Honeywell",
"versions": [
{
"lessThanOrEqual": "511.5TCU3",
"status": "affected",
"version": "510.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "520.1TCU4",
"status": "affected",
"version": "520.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "520.2TCU2",
"status": "affected",
"version": "520.2",
"versionType": "semver"
}
]
}
]References
Related
cvelist
cvelist
CVE-2023-25948 Server Data type confusion - info leak
2023-07-13 11:09:30
prion
prion
Information disclosure
2023-07-13 12:15:00
nvd
nvd
CVE-2023-25948
2023-07-13 12:15:09
ics
ics
Honeywell Experion PKS, LX and PlantCruise
2023-07-13 12:00:00
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.3 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
40.1%
Related for CVE-2023-25948