PT-2023-3880 · Honeywell · Honeywell Experion PKS
Published: 2023-07-13 · Updated: 2024-04-22
CVE-2023-24480
CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Honeywell Experion PKS (affected versions not specified)
Honeywell Experion LX (affected versions not specified)
Experion PlantCruise (affected versions not specified)
Description
A stack-based buffer overflow occurs when decoding a message from the server, which can lead to a denial of service (DoS). An attacker could potentially exploit this issue to execute arbitrary code remotely.
Recommendations
For Honeywell Experion PKS, refer to the Honeywell Security Notification for recommendations on upgrading and versioning.
For Honeywell Experion LX, refer to the Honeywell Security Notification for recommendations on upgrading and versioning.
For Experion PlantCruise, refer to the Honeywell Security Notification for recommendations on upgrading and versioning.
As a temporary workaround, consider disabling the decoding of messages from the server until a patch is available.
Fix
Stack Overflow
Memory Corruption
Improper Encoding or Escaping of Output
Related Identifiers
Affected Products
Experion PlantCruise
Honeywell Experion LX
Honeywell Experion PKS