Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to improper neutralization of special elements in output, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition.
References
Link | Resource |
---|---|
https://www.cisa.gov/uscert/ics/advisories/icsa-21-278-04 | Mitigation Third Party Advisory US Government Resource |
https://www.honeywellprocess.com/library/support/notifications/Customer/SN2021-02-22-01-Experion-C300-CCL.pdf | Product |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: icscert
Published: 2021-10-05T00:00:00
Updated: 2022-10-28T00:00:00
Reserved: 2021-08-10T00:00:00
Link: CVE-2021-38395
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-10-28T02:15:16.857
Modified: 2022-11-02T18:12:55.850
Link: CVE-2021-38395
JSON object: View
Redhat Information
No data.
CWE