CRITICAL🇵🇱 Wersja polska

CVE-2021-38397

CVSS 10.0v3.1pub. 2022-10-28upd. 2024-11-21

Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to unrestricted file uploads, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Honeywell Application Control Environment

    HW
    Honeywell
    wszystkie wersje
  • Honeywell Application Control Environment Firmware

    OS
    Honeywell
    wszystkie wersje
  • Honeywell C200

    HW
    Honeywell
    wszystkie wersje
  • Honeywell C200e

    HW
    Honeywell
    wszystkie wersje
  • Honeywell C200e Firmware

    OS
    Honeywell
    wszystkie wersje
  • Honeywell C200 Firmware

    OS
    Honeywell
    wszystkie wersje
  • Honeywell C300

    HW
    Honeywell
    wszystkie wersje
  • Honeywell C300 Firmware

    OS
    Honeywell
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2023-24480CRITICAL9.8ten sam produkt

Controller DoS due to stack overflow when decoding a message from the server.  See Honeywell Security Notific...

CVE-2023-25178CRITICAL9.8ten sam produkt

Controller may be loaded with malicious firmware which could enable remote code execution. See Honeywell Secur...

CVE-2023-25770CRITICAL9.8ten sam produkt

Controller DoS may occur due to buffer overflow when an error is generated in response to a specially crafted ...

CVE-2021-38395CRITICAL9.1ten sam produkt

Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to improper neutralization of spe...

CVE-2023-26597HIGH7.5ten sam produkt

Controller DoS due to buffer overflow in the handling of a specially crafted message received by the controlle...