CVE-2021-38395

Name of the Vulnerable Software and Affected Versions Honeywell Experion PKS versions C200, C200E, C300, and ACE controllers

Description The issue exists due to improper neutralization of special elements. This may allow a remote attacker to execute arbitrary code and cause a denial-of-service condition, potentially through cross-site scripting attacks.

Recommendations For Honeywell Experion PKS C200, C200E, C300, and ACE controllers, update to a version that properly neutralizes special elements in output to prevent arbitrary code execution and denial-of-service conditions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.