CVE-2023-5393

Server receiving a malformed message that causes a disconnect to a hostname may causing a stack overflow resulting in possible remote code execution. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning.

CVSS v3 7.4 HIGH

7.4^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://process.honeywell.com
https://process.honeywell.com

Configurations

No configuration.

History

21 Nov 2024, 08:41

Type	Values Removed	Values Added
References	~~() https://process.honeywell.com -~~	() https://process.honeywell.com -

24 Apr 2024, 18:15

Type	Values Removed	Values Added
Summary	(en) Server receiving a malformed message that causes a disconnect to a hostname may causing a stack overflow resulting in possible remote code execution. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning.	(en) Server receiving a malformed message that causes a disconnect to a hostname may causing a stack overflow resulting in possible remote code execution. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning.

12 Apr 2024, 12:44

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-04-11 20:15

Updated : 2024-11-21 08:41

NVD link : CVE-2023-5393

Mitre link : CVE-2023-5393

CVE.ORG link : CVE-2023-5393

JSON object : View

Products Affected

No product.

CWE

CWE-130

Improper Handling of Length Parameter Inconsistency

{"id": "CVE-2023-5393", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@honeywell.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.4, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 2.2}]}, "published": "2024-04-11T20:15:10.000", "references": [{"url": "https://process.honeywell.com", "source": "psirt@honeywell.com"}, {"url": "https://process.honeywell.com", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "psirt@honeywell.com", "description": [{"lang": "en", "value": "CWE-130"}]}], "descriptions": [{"lang": "en", "value": "Server receiving a malformed message that causes a disconnect to a hostname may causing a stack overflow resulting in possible remote code execution. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning.\n\n \n\n"}, {"lang": "es", "value": "El servidor que recibe un mensaje con formato incorrecto que provoca una desconexi\u00f3n de un nombre de host puede provocar un desbordamiento de la pila, lo que resulta en una posible ejecuci\u00f3n remota de c\u00f3digo. Honeywell recomienda actualizar a la versi\u00f3n m\u00e1s reciente del producto. Consulte la Notificaci\u00f3n de seguridad de Honeywell para obtener recomendaciones sobre actualizaci\u00f3n y control de versiones."}], "lastModified": "2024-11-21T08:41:40.953", "sourceIdentifier": "psirt@honeywell.com"}

7.4 /10