CVE-2023-5392 Vulnerability Details

  /     /     /  

CVE-2023-5392 Metadata Quick Info

CVE Published: 11/04/2024 | CVE Updated: 02/08/2024 | CVE Year: 2023
Source: Honeywell | Vendor: Honeywell | Product: C300
Status : PUBLISHED

CVE-2023-5392 Description

C300 information leak due to an analysis feature which allows extracting more memory over the network than required by the function. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning.

Metrics

CVSS Version: 3.1 | Base Score: 7.5 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

l➤ Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* LOW
    Privileges Required (PR)* NONE
    User Interaction (UI)* NONE
    Scope (S)* UNCHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* HIGH
    Integrity Impact (I)* NONE
    Availability Impact (A)* NONE

Weakness Enumeration (CWE)

CWE-ID: CWE-1295
CWE Name: CWE-1295
Source: Honeywell

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID: CAPEC-121
CAPEC Description: CAPEC-121


Source: NVD (National Vulnerability Database).

Last added CVEs

▸ CVE-2024-9999 ◂
Discovered: 12/11/2024
Status: PUBLISHED
▸ CVE-2024-9997 ◂
Discovered: 29/10/2024
Status: PUBLISHED
▸ CVE-2024-9996 ◂
Discovered: 29/10/2024
Status: PUBLISHED



Tags:
CVE-2023-5392 Vulnerability Details