PT-2021-4325 · Honeywell · Honeywell Experion Pks

Published: 2021-10-06 · Updated: 2022-11-02 · CVE-2021-38399

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Honeywell Experion PKS versions C200, C200E, C300, and ACE controllers
Description: The issue is related to insufficient restrictions on directory path names in the operating system of Honeywell's industrial portable computers. This can be exploited by a remote attacker to perform cross-site scripting attacks, potentially allowing access to unauthorized files and directories.
Recommendations: For Honeywell Experion PKS C200, C200E, C300, and ACE controllers, consider restricting access to sensitive directories and files as a temporary mitigation measure until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Relative Path Traversal

Path traversal

Weakness Enumeration

Related Identifiers

BDU:2021-04949
CVE-2021-38399

Affected Products

Honeywell Experion Pks