Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to improper neutralization of special elements in output, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition.
References
Link | Resource |
---|---|
https://www.cisa.gov/uscert/ics/advisories/icsa-21-278-04 | Mitigation Third Party Advisory US Government Resource |
https://www.honeywellprocess.com/library/support/notifications/Customer/SN2021-02-22-01-Experion-C300-CCL.pdf | Product |
History
02 Nov 2022, 18:12
Type | Values Removed | Values Added |
---|---|---|
CVSS | v2 : v3 : | v2 : unknown; v3 : 9.8 |
CWE | CWE-74 | |
First Time | Honeywell c200, Honeywell application Control Environment Firmware, Honeywell c300 Firmware, Honeywell c300, Honeywell application Control Environment, Honeywell, Honeywell c200e Firmware, Honeywell c200e, Honeywell c200 Firmware | |
CPE | cpe:2.3:h:honeywell:c300:-:*:*:*:*:*:*:* cpe:2.3:h:honeywell:application_control_environment:-:*:*:*:*:*:*:* cpe:2.3:o:honeywell:c200e_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:honeywell:c200e:-:*:*:*:*:*:*:* cpe:2.3:o:honeywell:c300_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:honeywell:c200:-:*:*:*:*:*:*:* cpe:2.3:o:honeywell:application_control_environment_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:honeywell:c200_firmware:-:*:*:*:*:*:*:* | |
References | (CONFIRM) https://www.honeywellprocess.com/library/support/notifications/Customer/SN2021-02-22-01-Experion-C300-CCL.pdf - Product | |
References | (CONFIRM) https://www.cisa.gov/uscert/ics/advisories/icsa-21-278-04 - Mitigation, Third Party Advisory, US Government Resource |
28 Oct 2022, 02:33
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-10-28 02:15
Updated : 2023-12-10 14:35
NVD link : CVE-2021-38395
Mitre link : CVE-2021-38395
CVE.ORG link : CVE-2021-38395
Products Affected
honeywell
- c200
- c300
- c300_firmware
- c200e
- application_control_environment
- application_control_environment_firmware
- c200_firmware
- c200e_firmware
CWE
CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')