Lucene search

[email protected]NVD:CVE-2023-25178

HistoryJul 13, 2023 - 11:15 a.m.

CVE-2023-25178

2023-07-1311:15:09

CWE-345

[email protected]

web.nvd.nist.gov

cve-2023-25178

controller

firmware

remote code execution

honeywell security notification

upgrading

versioning

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.003 Low

EPSS

Percentile

68.2%

JSON

Controller may be loaded with malicious firmware which could enable remote code execution. See Honeywell Security Notification for recommendations on upgrading and versioning.

Affected configurations

NVD

Node

honeywellc300_firmwareRange501.1–501.6hf8

honeywellc300_firmwareRange510.1–510.2hf12

honeywellc300_firmwareRange511.1–511.5tcu3

honeywellc300_firmwareRange520.1–520.1tcu4

honeywellc300_firmwareRange520.2–520.2tcu2

AND

honeywellc300Match-

References

process.honeywell.com

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.003 Low

EPSS

Percentile

68.2%

JSON

Related for NVD:CVE-2023-25178

nessus1 cve1 prion1 cvelist1 ics1