CVE-2023-5393 : Server receiving a malformed message that causes a disconnect to a hostname may

Server receiving a malformed message that causes a disconnect to a hostname may causing a stack overflow resulting in possible remote code execution. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning.

Published 2024-04-11 20:15:10

Updated 2024-04-24 18:15:11

Source Honeywell International Inc.

View at NVD, CVE.org

Vulnerability category: Execute code

Products affected by CVE-2023-5393

Please log in to view affected product information.

Exploit prediction scoring system (EPSS) score for CVE-2023-5393

EPSS FAQ

0.28%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 50 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-5393

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.4	HIGH	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H	2.2	5.2	Honeywell International Inc.	2024-04-11
Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: High Availability: High

CWE ids for CVE-2023-5393

CWE-130 Improper Handling of Length Parameter Inconsistency

The product parses a formatted message or structure, but it does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data.

Assigned by: psirt@honeywell.com (Secondary)

References for CVE-2023-5393

https://process.honeywell.com

Home

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2023-5393

Products affected by CVE-2023-5393

Exploit prediction scoring system (EPSS) score for CVE-2023-5393

CVSS scores for CVE-2023-5393

CWE ids for CVE-2023-5393

References for CVE-2023-5393