CVE-2023-25078

Name of the Vulnerable Software and Affected Versions Honeywell Experion PKS (affected versions not specified) Honeywell Experion LX (affected versions not specified) Experion PlantCruise (affected versions not specified)

Description The issue is related to a heap overflow occurring during the handling of a specially crafted message for a specific configuration operation, which can cause a Denial of Service (DoS) in the Server or Console Station. This can be exploited by a remote attacker to potentially execute arbitrary code.

Recommendations For Honeywell Experion PKS, consider upgrading to a newer version as recommended by Honeywell Security Notification. For Honeywell Experion LX, consider upgrading to a newer version as recommended by Honeywell Security Notification. For Experion PlantCruise, consider upgrading to a newer version as recommended by Honeywell Security Notification. As a temporary workaround, consider restricting access to the configuration operation that handles specially crafted messages until a patch is available.