CVE-2023-25770 - OpenCVE

Controller DoS may occur due to buffer overflow when an error is generated in response to a specially crafted message. See Honeywell Security Notification for recommendations on upgrading and versioning.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Honeywell	C300 C300 Firmware

Configuration 1 [-]

AND

OR	cpe:2.3:o:honeywell:c300_firmware::::::::
	cpe:2.3:o:honeywell:c300_firmware::::::::
	cpe:2.3:o:honeywell:c300_firmware::::::::
	cpe:2.3:o:honeywell:c300_firmware::::::::
	cpe:2.3:o:honeywell:c300_firmware::::::::

cpe:2.3:h:honeywell:c300:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://process.honeywell.com

History

No history.

MITRE

Status: PUBLISHED

Assigner: Honeywell

Published: 2023-07-13T10:59:58.825Z

Updated: 2024-08-02T11:32:12.419Z

Reserved: 2023-02-28T23:51:16.657Z

Link: CVE-2023-25770

Vulnrichment

Updated: 2024-08-02T11:32:12.419Z

NVD

Status : Modified

Published: 2023-07-13T11:15:09.183

Modified: 2024-04-22T16:15:12.870

Link: CVE-2023-25770

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-25770", "assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d", "state": "PUBLISHED", "assignerShortName": "Honeywell", "dateReserved": "2023-02-28T23:51:16.657Z", "datePublished": "2023-07-13T10:59:58.825Z", "dateUpdated": "2024-08-02T11:32:12.419Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Experion PKS"], "product": "C300", "vendor": "Honeywell", "versions": [{"lessThanOrEqual": "501.6HF8", "status": "affected", "version": "501.1", "versionType": "semver"}, {"lessThanOrEqual": "510.2HF12", "status": "affected", "version": "510.1", "versionType": "semver"}, {"lessThanOrEqual": "511.5TCU3", "status": "affected", "version": "511.1", "versionType": "semver"}, {"lessThanOrEqual": "520.1TCU4", "status": "affected", "version": "520.1", "versionType": "semver"}, {"lessThanOrEqual": "520.2TCU2", "status": "affected", "version": "520.2", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "platforms": ["Experion LX", "Experion PlantCruise"], "product": "C300", "vendor": "Honeywell", "versions": [{"lessThanOrEqual": "511.5TCU3", "status": "affected", "version": "510.1", "versionType": "semver"}, {"lessThanOrEqual": "520.1TCU4", "status": "affected", "version": "520.1", "versionType": "semver"}, {"lessThanOrEqual": "520.2TCU2", "status": "affected", "version": "520.2", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Controller DoS may occur due to buffer overflow when an error is generated in response to a specially crafted message. <span style=\"background-color: rgb(255, 255, 255);\">See Honeywell Security Notification for recommendations on upgrading and versioning. </span>\n\n"}], "value": "Controller DoS may occur due to buffer overflow when an error is generated in response to a specially crafted message.\u00a0See Honeywell Security Notification for recommendations on upgrading and versioning. \n\n"}], "impacts": [{"capecId": "CAPEC-221", "descriptions": [{"lang": "en", "value": "CAPEC-221 XML External Entities Blowup"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-502", "description": "CWE-502 Deserialization of Untrusted Data", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d", "shortName": "Honeywell", "dateUpdated": "2024-04-22T16:03:06.413Z"}, "references": [{"url": "https://process.honeywell.com"}], "source": {"discovery": "EXTERNAL"}, "title": "Controller stack overflow on decoding messages from the server", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"affected": [{"vendor": "honeywell", "product": "c300", "cpes": ["cpe:2.3:h:honeywell:c300:501.1:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "501.1", "status": "affected", "lessThanOrEqual": "501.6hf8", "versionType": "semver"}]}, {"vendor": "honeywell", "product": "c300", "cpes": ["cpe:2.3:h:honeywell:c300:510.1:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "510.1", "status": "affected", "lessThanOrEqual": "510.2hf12", "versionType": "semver"}]}, {"vendor": "honeywell", "product": "c300", "cpes": ["cpe:2.3:h:honeywell:c300:511.1:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "511.1", "status": "affected", "lessThanOrEqual": "511.5tcu3", "versionType": "semver"}]}, {"vendor": "honeywell", "product": "c300", "cpes": ["cpe:2.3:h:honeywell:c300:520.1:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "520.1", "status": "affected", "lessThanOrEqual": "520.1tcu4", "versionType": "semver"}]}, {"vendor": "honeywell", "product": "c300", "cpes": ["cpe:2.3:h:honeywell:c300:520.2:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "520.2", "status": "affected", "lessThanOrEqual": "520.2tcu2", "versionType": "semver"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-04-22T18:26:04.535864Z", "id": "CVE-2023-25770", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-08T19:15:35.980Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T11:32:12.419Z"}, "title": "CVE Program Container", "references": [{"url": "https://process.honeywell.com", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://process.honeywell.com", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T11:32:12.419Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-25770", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-22T18:26:04.535864Z"}}}], "affected": [{"cpes": ["cpe:2.3:h:honeywell:c300:501.1:*:*:*:*:*:*:*"], "vendor": "honeywell", "product": "c300", "versions": [{"status": "affected", "version": "501.1", "versionType": "semver", "lessThanOrEqual": "501.6hf8"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:honeywell:c300:510.1:*:*:*:*:*:*:*"], "vendor": "honeywell", "product": "c300", "versions": [{"status": "affected", "version": "510.1", "versionType": "semver", "lessThanOrEqual": "510.2hf12"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:honeywell:c300:511.1:*:*:*:*:*:*:*"], "vendor": "honeywell", "product": "c300", "versions": [{"status": "affected", "version": "511.1", "versionType": "semver", "lessThanOrEqual": "511.5tcu3"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:honeywell:c300:520.1:*:*:*:*:*:*:*"], "vendor": "honeywell", "product": "c300", "versions": [{"status": "affected", "version": "520.1", "versionType": "semver", "lessThanOrEqual": "520.1tcu4"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:honeywell:c300:520.2:*:*:*:*:*:*:*"], "vendor": "honeywell", "product": "c300", "versions": [{"status": "affected", "version": "520.2", "versionType": "semver", "lessThanOrEqual": "520.2tcu2"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-04-22T18:31:45.861Z"}}], "cna": {"title": "Controller stack overflow on decoding messages from the server", "source": {"discovery": "EXTERNAL"}, "impacts": [{"capecId": "CAPEC-221", "descriptions": [{"lang": "en", "value": "CAPEC-221 XML External Entities Blowup"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Honeywell", "product": "C300", "versions": [{"status": "affected", "version": "501.1", "versionType": "semver", "lessThanOrEqual": "501.6HF8"}, {"status": "affected", "version": "510.1", "versionType": "semver", "lessThanOrEqual": "510.2HF12"}, {"status": "affected", "version": "511.1", "versionType": "semver", "lessThanOrEqual": "511.5TCU3"}, {"status": "affected", "version": "520.1", "versionType": "semver", "lessThanOrEqual": "520.1TCU4"}, {"status": "affected", "version": "520.2", "versionType": "semver", "lessThanOrEqual": "520.2TCU2"}], "platforms": ["Experion PKS"], "defaultStatus": "unaffected"}, {"vendor": "Honeywell", "product": "C300", "versions": [{"status": "affected", "version": "510.1", "versionType": "semver", "lessThanOrEqual": "511.5TCU3"}, {"status": "affected", "version": "520.1", "versionType": "semver", "lessThanOrEqual": "520.1TCU4"}, {"status": "affected", "version": "520.2", "versionType": "semver", "lessThanOrEqual": "520.2TCU2"}], "platforms": ["Experion LX", "Experion PlantCruise"], "defaultStatus": "unaffected"}], "references": [{"url": "https://process.honeywell.com"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Controller DoS may occur due to buffer overflow when an error is generated in response to a specially crafted message.\u00a0See Honeywell Security Notification for recommendations on upgrading and versioning. \n\n", "supportingMedia": [{"type": "text/html", "value": "Controller DoS may occur due to buffer overflow when an error is generated in response to a specially crafted message. <span style=\"background-color: rgb(255, 255, 255);\">See Honeywell Security Notification for recommendations on upgrading and versioning. </span>\n\n", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-502", "description": "CWE-502 Deserialization of Untrusted Data"}]}], "providerMetadata": {"orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d", "shortName": "Honeywell", "dateUpdated": "2024-04-22T16:03:06.413Z"}}}, "cveMetadata": {"cveId": "CVE-2023-25770", "state": "PUBLISHED", "dateUpdated": "2024-08-02T11:32:12.419Z", "dateReserved": "2023-02-28T23:51:16.657Z", "assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d", "datePublished": "2023-07-13T10:59:58.825Z", "assignerShortName": "Honeywell"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:honeywell:c300_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C8B1523A-A717-4BE3-97B1-5634188EAAF9", "versionEndIncluding": "501.6hf8", "versionStartIncluding": "501.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:honeywell:c300_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F01D307E-1DD4-4B16-A1EF-81503E5C7CF1", "versionEndIncluding": "510.2hf12", "versionStartIncluding": "510.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:honeywell:c300_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1AAAF640-4704-4BEA-AB36-911B08227497", "versionEndIncluding": "511.5tcu3", "versionStartIncluding": "511.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:honeywell:c300_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "254FC5F7-6F70-4E38-95B8-E0042AB3321F", "versionEndIncluding": "520.1tcu4", "versionStartIncluding": "520.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:honeywell:c300_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F075CA91-AFC8-4463-9D02-BE45F98E4840", "versionEndIncluding": "520.2tcu2", "versionStartIncluding": "520.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:honeywell:c300:-:*:*:*:*:*:*:*", "matchCriteriaId": "CEA14D67-E320-490E-92E6-CC135EBBA245", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Controller DoS may occur due to buffer overflow when an error is generated in response to a specially crafted message.\u00a0See Honeywell Security Notification for recommendations on upgrading and versioning. \n\n"}], "id": "CVE-2023-25770", "lastModified": "2024-04-22T16:15:12.870", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "psirt@honeywell.com", "type": "Secondary"}]}, "published": "2023-07-13T11:15:09.183", "references": [{"source": "psirt@honeywell.com", "tags": ["Product"], "url": "https://process.honeywell.com"}], "sourceIdentifier": "psirt@honeywell.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-502"}], "source": "psirt@honeywell.com", "type": "Secondary"}]}