Experion Server

20 Versions 17 CVEs

Recent CVEs

CVE-2023-5406

Server communication with a controller can lead to remote code execution using a specially crafted message from the controller. See Honeywell Security Notification for recommendations on upgrading and versioning.

MEDIUM Apr 17, 2024

CVE-2023-5405

Server information leak for the CDA Server process memory can occur when an error is generated in response to a specially crafted message. See Honeywell Security Notification for recommendations on upgrading and versioning.

MEDIUM Apr 17, 2024

CVE-2023-5404

Server receiving a malformed message can cause a pointer to be overwritten which can result in a remote code execution or failure. See Honeywell Security Notification for recommendations on upgrading and versioning.

HIGH Apr 17, 2024

CVE-2023-5400

Server receiving a malformed message based on using the specified key values can cause a heap overflow vulnerability which could lead to an attacker performing remote code execution or causing a failure. See Honeywell Security Notification for recommendations on upgrading and versioning.

HIGH Apr 17, 2024

CVE-2023-5398

Server receiving a malformed message based on a list of IPs can result in heap corruption, causing a denial of service. See Honeywell Security Notification for recommendations on upgrading and versioning.

MEDIUM Apr 17, 2024

CVE-2023-5397

Server receiving a malformed message to create a new connection could lead to an attacker performing remote code execution or causing a failure. See Honeywell Security Notification for recommendations on upgrading and versioning.

HIGH Apr 17, 2024

CVE-2023-5396

Server receiving a malformed message creates a connection for a hostname, which may cause a stack overflow resulting in possible remote code execution. See Honeywell Security Notification for recommendations on upgrading and versioning.

HIGH Apr 17, 2024

CVE-2023-25948

Server information leak of configuration data when an error is generated in response to a specially crafted message. See Honeywell Security Notification for recommendations on upgrading and versioning.

HIGH Jul 13, 2023

CVE-2023-25078

Server or Console Station DoS due to heap overflow occurring during the handling of a specially crafted message for a specific configuration operation. See Honeywell Security Notification for recommendations on upgrading and versioning.

CRITICAL Jul 13, 2023

CVE-2023-24474

Experion server may experience a DoS due to a heap overflow which could occur when handling a specially crafted message.

HIGH Jul 13, 2023