MEDIUM🇬🇧 English

CVE-2023-5390

CVSS 5.3v3.1pub. 2024-01-31upd. 2024-11-21

An attacker could potentially exploit this vulnerability, leading to files being read from the Honeywell Experion ControlEdge VirtualUOC and ControlEdge UOC. This exploit could be used to read files from the controller that may expose limited information from the device. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
  • Honeywell Controledge Unit Operations Controller

    HW
    Honeywell
    wszystkie wersje
  • Honeywell Controledge Unit Operations Controller Firmware

    OS
    Honeywell
    wszystkie wersje
  • Honeywell Controledge Virtual Unit Operations Controller

    HW
    Honeywell
    wszystkie wersje
  • Honeywell Controledge Virtual Unit Operations Controller Firmware

    OS
    Honeywell
    wszystkie wersje
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Path Traversal
CWE
Referencje

Powiązane podatności

CVE-2023-5389CRITICAL9.1PL ✓ten sam produkt

Nieautoryzowana modyfikacja plików w Honeywell ControlEdge UOC i VirtualUOC

CVE-2026-3611CRITICAL10.0PL ✓ten sam vendor

Honeywell IQ4x — brak uwierzytelnienia w fabrycznym HMI (CWE-306)

CVE-2025-2605CRITICAL9.9PL ✓ten sam vendor

OS Command Injection w Honeywell MB-Secure i MB-Secure PRO (privilege abuse)

CVE-2024-2422CRITICAL9.3PL ✓ten sam vendor

Uwierzytelniony RCE w LenelS2 NetBox (wersje do 5.6.1 włącznie)

CVE-2024-2421CRITICAL9.3PL ✓ten sam vendor

Nieuwierzytelniony RCE w Honeywell LenelS2 NetBox (command injection)