CVE-2021-38395

Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to improper neutralization of special elements in output, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-21-278-04	Mitigation Third Party Advisory US Government Resource
https://www.honeywellprocess.com/library/support/notifications/Customer/SN2021-02-22-01-Experion-C300-CCL.pdf	Product

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:honeywell:c200_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:honeywell:c200:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:honeywell:c200e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:honeywell:c200e:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:honeywell:c300_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:honeywell:c300:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:honeywell:application_control_environment_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:honeywell:application_control_environment:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-10-28 02:15

Updated : 2024-02-28 19:29

NVD link : CVE-2021-38395

Mitre link : CVE-2021-38395

CVE.ORG link : CVE-2021-38395

JSON object : View

Products Affected

honeywell

c300
c200_firmware
c200e
application_control_environment
c200e_firmware
application_control_environment_firmware
c200
c300_firmware

CWE

CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

{"id": "CVE-2021-38395", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 3.9}]}, "published": "2022-10-28T02:15:16.857", "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-278-04", "tags": ["Mitigation", "Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}, {"url": "https://www.honeywellprocess.com/library/support/notifications/Customer/SN2021-02-22-01-Experion-C300-CCL.pdf", "tags": ["Product"], "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-74"}]}, {"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-74"}]}], "descriptions": [{"lang": "en", "value": "Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to improper neutralization of special elements in output, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition."}, {"lang": "es", "value": "Los controladores Honeywell Experion PKS C200, C200E, C300 y ACE son vulnerables a una neutralizaci\u00f3n inadecuada de elementos especiales en la salida, lo que puede permitir a un atacante ejecutar c\u00f3digo arbitrario de forma remota y provocar una condici\u00f3n de Denegaci\u00f3n de Servicio."}], "lastModified": "2022-11-02T18:12:55.850", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:honeywell:c200_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "89205AE1-0EE7-4665-8FE6-5312EAD5FB2D"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:honeywell:c200:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B3F154A3-2438-4420-8B6E-E0521376714E"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:honeywell:c200e_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3B06800D-443D-4237-8E91-98735E5EA148"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:honeywell:c200e:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6ACB0AD6-5A19-4DEC-9F47-03EC6FA80AC0"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:honeywell:c300_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7C79B7D1-630B-4723-BFCA-66F03F93D1FB"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:honeywell:c300:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CEA14D67-E320-490E-92E6-CC135EBBA245"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:honeywell:application_control_environment_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "83F4F4B6-E05B-43B9-96ED-02919E42AFCC"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:honeywell:application_control_environment:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7C79B55A-11AB-441E-A544-9678616E9BA4"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}