Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to improper neutralization of special elements in output, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition.
References
| Link | Resource |
|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-21-278-04 | Mitigation, Third Party Advisory, US Government Resource |
| https://www.honeywellprocess.com/library/support/notifications/Customer/SN2021-02-22-01-Experion-C300-CCL.pdf | Product |
History
No history.
Information
Published : 2022-10-28 02:15
Updated : 2024-02-28 19:29
NVD link : CVE-2021-38395
Mitre link : CVE-2021-38395
CVE.ORG link : CVE-2021-38395
Products Affected
honeywell
- c300
- c200_firmware
- c200e
- application_control_environment
- c200e_firmware
- application_control_environment_firmware
- c200
- c300_firmware
CWE
CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')