Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to improper neutralization of special elements in output, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition.
References
Link | Resource |
---|---|
https://www.cisa.gov/uscert/ics/advisories/icsa-21-278-04 | Mitigation Third Party Advisory US Government Resource |
https://www.honeywellprocess.com/library/support/notifications/Customer/SN2021-02-22-01-Experion-C300-CCL.pdf | Product |
History
21 Nov 2024, 06:16
Type | Values Removed | Values Added |
---|---|---|
CVSS | v2 : v3 : | v2 : unknown; v3 : 9.1 |
References | () https://www.cisa.gov/uscert/ics/advisories/icsa-21-278-04 - Mitigation, Third Party Advisory, US Government Resource | |
References | () https://www.honeywellprocess.com/library/support/notifications/Customer/SN2021-02-22-01-Experion-C300-CCL.pdf - Product |
Information
Published : 2022-10-28 02:15
Updated : 2024-11-21 06:16
NVD link : CVE-2021-38395
Mitre link : CVE-2021-38395
CVE.ORG link : CVE-2021-38395
Products Affected
honeywell
- c300
- application_control_environment
- application_control_environment_firmware
- c200
- c300_firmware
- c200e_firmware
- c200_firmware
- c200e
CWE
CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')