PT-2024-1408 · Honeywell · Honeywell Experion ControlEdge VirtualUOC +1

Published 2024-01-30 · Updated 2024-05-24 · CVE-2023-5389

CVSS v2.0: 9.4 (Critical)

Vector: AV:N/AC:L/Au:N/C:N/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Honeywell Experion ControlEdge VirtualUOC and ControlEdge UOC (affected versions not specified)

Description

The issue stems from the use of dangerous methods or functions in the Configuration Handler component of the Honeywell Experion ControlEdge VirtualUOC and ControlEdge UOC software. An attacker who exploits this vulnerability could modify files. This may cause unexpected behavior through configuration changes, or, if updated files are later triggered, the subsequent execution of a malicious application.

Recommendations

Update to the most recent version of the product, following the upgrade and versioning recommendations in the Honeywell Security Notification. As a temporary workaround, consider restricting access to the Configuration Handler component until a patch is available. Avoid using the vulnerable component for critical operations until the issue is resolved. At the moment, there is no information about a specific version that contains a fix for this vulnerability, so updating to the latest version is recommended.

Related Identifiers

BDU:2024-00879
CVE-2023-5389

Affected Products

ControlEdge UOC
Honeywell Experion ControlEdge VirtualUOC