Lucene search
HistoryOct 28, 2022 - 2:15 a.m.
CVE-2021-38395
honeywell
experion pks
controllers
vulnerability
remote execution
arbitrary code
denial-of-service
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.003 Low
EPSS
Percentile
69.7%
Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to improper neutralization of special elements in output, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition.
Affected configurations
Node
honeywellc200_firmwareMatch-
honeywellc200Match-
Node
honeywellc200e_firmwareMatch-
honeywellc200eMatch-
Node
honeywellc300_firmwareMatch-
honeywellc300Match-
Node
honeywellapplication_control_environment_firmwareMatch-
honeywellapplication_control_environmentMatch-
Related
cvelist
cvelist
CVE-2021-38395 Honeywell Experion PKS and ACE Controllers Injection
2021-10-05 00:00:00
nessus
nessus
cve
cve
CVE-2021-38395
2022-10-28 02:15:16
prion
prion
Race condition
2022-10-28 02:15:00
malwarebytes
malwarebytes
Your HP Support Assistant needs an update!
2022-09-08 11:00:00
thn
thn
ics
ics
Honeywell Experion PKS and ACE Controllers
2021-10-05 12:00:00
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.003 Low
EPSS
Percentile
69.7%
Related for NVD:CVE-2021-38395