CVE-2023-5392 : C300 information leak due to an analysis feature which allows extracting more me

C300 information leak due to an analysis feature which allows extracting more memory over the network than required by the function. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning.

Published 2024-04-11 19:19:19

Updated 2024-04-12 12:44:05

Source Honeywell International Inc.

View at NVD, CVE.org

Products affected by CVE-2023-5392

Please log in to view affected product information.

Exploit prediction scoring system (EPSS) score for CVE-2023-5392

EPSS FAQ

0.18%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 38 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-5392

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	3.9	3.6	Honeywell International Inc.	2024-04-11
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None

CWE ids for CVE-2023-5392

CWE-1295 Debug Messages Revealing Unnecessary Information

The product fails to adequately prevent the revealing of unnecessary and potentially sensitive system information within debugging messages.

Assigned by: psirt@honeywell.com (Secondary)

References for CVE-2023-5392

https://process.honeywell.com

Home

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2023-5392

Products affected by CVE-2023-5392

Exploit prediction scoring system (EPSS) score for CVE-2023-5392

CVSS scores for CVE-2023-5392

CWE ids for CVE-2023-5392

References for CVE-2023-5392