CVE-2023-5406 MEDIUM

CVE-2023-5406

Vendor Honeywell

Product Experion Server

Weakness CWE-787

Published April 17, 2024

Last update August 2, 2024

View on NVD All CVEs

CVSS base score

5.9/10

Attack vector Network

Attack complexity High

Privileges required None

User interaction None

Confidentiality None

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

Server communication with a controller can lead to remote code execution using a specially crafted message from the controller. See Honeywell Security Notification for recommendations on upgrading and versioning.

Key dates

02Disclosure timeline

April 17, 2024 CVE published

August 2, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-5406 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/787.html

Related vulnerabilities

Identifiers

CVE CVE-2023-5406

CWE CWE-787

CVSS 5.9 / MEDIUM

Affected versions

Vendor Honeywell

Product Experion Server

Affected ≥ 520.2 and ≤ 520.2 TCU4

Vendor Honeywell

Product Experion Server

Affected ≥ 510.1 and ≤ 510.2 HF13

Vendor Honeywell

Product Experion Server

Affected ≥ 520.1 and ≤ 520.1 TCU4

Vendor Honeywell

Product Experion Server

Affected ≥ 511.1 and ≤ 511.5 TCU4 HF3

Vendor Honeywell

Product Experion Server

Affected ≥ 520.2 and ≤ 520.2 TCU4

Vendor Honeywell

Product Experion Server

Affected ≥ 511.1 and ≤ 511.5 TCU4 HF3

Vendor Honeywell

Product Experion Server

Affected ≥ 520.1 and ≤ 520.1 TCU4

Vendor Honeywell

Product Experion Server

Affected ≥ 520.2 and ≤ 520.2 TCU4

Vendor Honeywell

Product Experion Server

Affected ≥ 520.1 and ≤ 520.1 TCU4

Vendor Honeywell

Product Experion Server

Affected ≥ 520.2 TCU4 HFR2 and ≤ 511.5 TCU4 HF3

CVE-2023-5406

01Description

02Disclosure timeline

03References

04Related CVE