CVE-2023-5398 - OpenCVE

Server receiving a malformed message based on a list of IPs resulting in heap corruption causing a denial of service. See Honeywell Security Notification for recommendations on upgrading and versioning.

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

No data.

No data.

References

Link	Resource
https://process.honeywell.com

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Honeywell

Published: 2024-04-17T16:40:10.248Z

Updated: 2024-07-08T19:39:56.991Z

Reserved: 2023-10-04T17:50:51.025Z

Link: CVE-2023-5398

JSON object: View

NVD Information

Status : Awaiting Analysis

Published: 2024-04-17T17:15:13.430

Modified: 2024-04-17T20:08:21.887

Link: CVE-2023-5398

JSON object: View

Redhat Information

No data.

CWE

CWE-1327

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-5398", "assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d", "state": "PUBLISHED", "assignerShortName": "Honeywell", "dateReserved": "2023-10-04T17:50:51.025Z", "datePublished": "2024-04-17T16:40:10.248Z", "dateUpdated": "2024-07-08T19:39:56.991Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Experion PKS"], "product": "Experion Server", "vendor": "Honeywell", "versions": [{"lessThanOrEqual": "520.2 TCU4", "status": "affected", "version": "520.2", "versionType": "semver"}, {"lessThanOrEqual": "510.2 HF13", "status": "affected", "version": "510.1", "versionType": "semver"}, {"lessThanOrEqual": "520.1 TCU4", "status": "affected", "version": "520.1", "versionType": "semver"}, {"lessThanOrEqual": "511.5 TCU4 HF3", "status": "affected", "version": "511.1", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "platforms": ["Experion LX"], "product": "Experion Server", "vendor": "Honeywell", "versions": [{"lessThanOrEqual": "520.2 TCU4", "status": "affected", "version": "520.2", "versionType": "semver"}, {"lessThanOrEqual": "511.5 TCU4 HF3", "status": "affected", "version": "511.1", "versionType": "semver"}, {"lessThanOrEqual": "520.1 TCU4", "status": "affected", "version": "520.1", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "platforms": ["PlantCruise by Experion"], "product": "Experion Server", "vendor": "Honeywell", "versions": [{"lessThanOrEqual": "520.2 TCU4", "status": "affected", "version": "520.2", "versionType": "semver"}, {"lessThanOrEqual": "520.1 TCU4", "status": "affected", "version": "520.1", "versionType": "semver"}, {"lessThanOrEqual": "511.5 TCU4 HF3", "status": "affected", "version": "520.2 TCU4 HFR2", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Server receiving a malformed message based on a list of IPs resulting in heap corruption causing a denial of service. <span style=\"background-color: rgb(255, 255, 255);\">See Honeywell Security Notification for recommendations on upgrading and versioning.</span>\n\n"}], "value": "Server receiving a malformed message based on a list of IPs resulting in heap corruption causing a denial of service.\u00a0See Honeywell Security Notification for recommendations on upgrading and versioning.\n\n"}], "impacts": [{"capecId": "CAPEC-1", "descriptions": [{"lang": "en", "value": "CAPEC-1"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1327", "description": "CWE-1327", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d", "shortName": "Honeywell", "dateUpdated": "2024-04-25T16:58:13.998Z"}, "references": [{"url": "https://process.honeywell.com"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"affected": [{"vendor": "honeywell", "product": "experion_server", "cpes": ["cpe:2.3:a:honeywell:experion_server:520.2:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "520.2", "status": "affected", "lessThanOrEqual": "520.2_tcu4", "versionType": "semver"}]}, {"vendor": "honeywell", "product": "experion_server", "cpes": ["cpe:2.3:a:honeywell:experion_server:510.1:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "510.1", "status": "affected", "lessThanOrEqual": "510.2_hf13", "versionType": "semver"}]}, {"vendor": "honeywell", "product": "experion_server", "cpes": ["cpe:2.3:a:honeywell:experion_server:520.1:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "520.1", "status": "affected", "lessThanOrEqual": "520.1_tcu4", "versionType": "custom"}]}, {"vendor": "honeywell", "product": "experion_server", "cpes": ["cpe:2.3:a:honeywell:experion_server:511.1:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "511.1", "status": "affected", "lessThanOrEqual": "511.5_tcu4_hf3", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-04-19T13:03:36.390624Z", "id": "CVE-2023-5398", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-08T19:39:56.991Z"}}]}}