Vulnerabilities (CVE)

Filtered by vendor Honeywell Subscribe
Filtered by product C300
Total 7 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-26597 1 Honeywell 2 C300, C300 Firmware 2024-11-21 N/A 7.5 HIGH
Controller DoS due to buffer overflow in the handling of a specially crafted message received by the controller. See Honeywell Security Notification for recommendations on upgrading and versioning. See Honeywell Security Notification for recommendations on upgrading and versioning.
CVE-2023-25770 1 Honeywell 2 C300, C300 Firmware 2024-11-21 N/A 9.8 CRITICAL
Controller DoS may occur due to buffer overflow when an error is generated in response to a specially crafted message. See Honeywell Security Notification for recommendations on upgrading and versioning.
CVE-2023-25178 1 Honeywell 2 C300, C300 Firmware 2024-11-21 N/A 9.8 CRITICAL
Controller may be loaded with malicious firmware which could enable remote code execution. See Honeywell Security Notification for recommendations on upgrading and versioning.
CVE-2023-24480 1 Honeywell 2 C300, C300 Firmware 2024-11-21 N/A 9.8 CRITICAL
Controller DoS due to stack overflow when decoding a message from the server.  See Honeywell Security Notification for recommendations on upgrading and versioning.
CVE-2021-38399 1 Honeywell 8 Application Control Environment, Application Control Environment Firmware, C200 and 5 more 2024-11-21 N/A 7.5 HIGH
Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to relative path traversal, which may allow an attacker access to unauthorized files and directories.
CVE-2021-38397 1 Honeywell 8 Application Control Environment, Application Control Environment Firmware, C200 and 5 more 2024-11-21 N/A 10.0 CRITICAL
Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to unrestricted file uploads, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition.
CVE-2021-38395 1 Honeywell 8 Application Control Environment, Application Control Environment Firmware, C200 and 5 more 2024-11-21 N/A 9.1 CRITICAL
Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to improper neutralization of special elements in output, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition.