CVE-2023-5397

Server receiving a malformed message to create a new connection could lead to an attacker performing remote code execution or causing a failure. See Honeywell Security Notification for recommendations on upgrading and versioning.

CVSS v3 8.1 HIGH

8.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://process.honeywell.com
https://process.honeywell.com
https://process.honeywell.com

Configurations

No configuration.

History

21 Nov 2024, 08:41

Type	Values Removed	Values Added
References	~~() https://process.honeywell.com -~~	() https://process.honeywell.com -

08 Aug 2024, 16:35

Type	Values Removed	Values Added
Summary		(es) El servidor que recibe un mensaje con formato incorrecto para crear una nueva conexión podría provocar que un atacante realice una ejecución remota de código o provoque una falla. Consulte la Notificación de seguridad de Honeywell para obtener recomendaciones sobre actualización y control de versiones.

17 Apr 2024, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-04-17 17:15

Updated : 2024-11-21 08:41

NVD link : CVE-2023-5397

Mitre link : CVE-2023-5397

CVE.ORG link : CVE-2023-5397

JSON object : View

Products Affected

No product.

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2023-5397", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@honeywell.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.2}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.2}]}, "published": "2024-04-17T17:15:13.240", "references": [{"url": "https://process.honeywell.com", "source": "psirt@honeywell.com"}, {"url": "https://process.honeywell.com", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://process.honeywell.com", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "psirt@honeywell.com", "description": [{"lang": "en", "value": "CWE-20"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Server receiving a malformed message to create a new connection could lead to an attacker performing remote code execution or causing a failure.\u00a0See Honeywell Security Notification for recommendations on upgrading and versioning.\n\n"}, {"lang": "es", "value": "El servidor que recibe un mensaje con formato incorrecto para crear una nueva conexi\u00f3n podr\u00eda provocar que un atacante realice una ejecuci\u00f3n remota de c\u00f3digo o provoque una falla. Consulte la Notificaci\u00f3n de seguridad de Honeywell para obtener recomendaciones sobre actualizaci\u00f3n y control de versiones."}], "lastModified": "2024-11-21T08:41:41.427", "sourceIdentifier": "psirt@honeywell.com"}