CRITICAL🇵🇱 Wersja polska

CVE-2023-5389

CVSS 9.1v3.1pub. 2024-01-30upd. 2024-11-21

An attacker could potentially exploit this vulnerability, leading to the ability to modify files on Honeywell Experion ControlEdge VirtualUOC and ControlEdge UOC . This exploit could be used to write a file that may result in unexpected behavior based on configuration changes or updating of files that could result in subsequent execution of a malicious application if triggered. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning. 

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
  • Honeywell Controledge Unit Operations Controller

    HW
    Honeywell
    wszystkie wersje
  • Honeywell Controledge Unit Operations Controller Firmware

    OS
    Honeywell
    wszystkie wersje
  • Honeywell Controledge Virtual Unit Operations Controller

    HW
    Honeywell
    wszystkie wersje
  • Honeywell Controledge Virtual Unit Operations Controller Firmware

    OS
    Honeywell
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2023-5390MEDIUM5.3ten sam produkt

An attacker could potentially exploit this vulnerability, leading to files being read from the Honeywell Exper...

CVE-2026-3611CRITICAL10.0PL ✓ten sam vendor

Honeywell IQ4x — brak uwierzytelnienia w fabrycznym HMI (CWE-306)

CVE-2025-2605CRITICAL9.9PL ✓ten sam vendor

OS Command Injection w Honeywell MB-Secure i MB-Secure PRO (privilege abuse)

CVE-2024-2422CRITICAL9.3PL ✓ten sam vendor

Uwierzytelniony RCE w LenelS2 NetBox (wersje do 5.6.1 włącznie)

CVE-2024-2421CRITICAL9.3PL ✓ten sam vendor

Nieuwierzytelniony RCE w Honeywell LenelS2 NetBox (command injection)