PT-2024-1736 · Honeywell · Honeywell Experion ControlEdge VirtualUOC, ControlEdge UOC
Published: 2024-01-30 · Updated: 2024-07-09
CVE-2023-5390
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Honeywell Experion ControlEdge VirtualUOC and ControlEdge UOC (affected versions not specified)
Description
The issue is an incorrect restriction of pathnames to a restricted directory (path traversal). An attacker could exploit it to read files from the Honeywell Experion ControlEdge VirtualUOC and ControlEdge UOC controllers, exposing limited information from the device.
Recommendations
Update to the most recent version of the product. See the Honeywell Security Notification for recommendations on upgrading and versioning. As a temporary workaround, consider restricting access to sensitive files and directories on the controller until a patch is available.
Fix
Path traversal
Related Identifiers
Affected Products
ControlEdge UOC
Honeywell Experion ControlEdge VirtualUOC