Vulnerabilities > Honeywell > C300 Firmware

DATE CVE VULNERABILITY TITLE RISK
2023-07-13 CVE-2023-26597 Out-of-bounds Write vulnerability in Honeywell C300 Firmware
Controller DoS due to buffer overflow in the handling of a specially crafted message received by the controller. See Honeywell Security Notification for recommendations on upgrading and versioning. See Honeywell Security Notification for recommendations on upgrading and versioning.
network
low complexity
honeywell CWE-787
7.5
7.5
2023-07-13 CVE-2023-24480 Out-of-bounds Write vulnerability in Honeywell C300 Firmware
Controller DoS due to stack overflow when decoding a message from the server.  See Honeywell Security Notification for recommendations on upgrading and versioning.
network
low complexity
honeywell CWE-787
7.5
7.5
2023-07-13 CVE-2023-25178 Insufficient Verification of Data Authenticity vulnerability in Honeywell C300 Firmware
Controller may be loaded with malicious firmware which could enable remote code execution. See Honeywell Security Notification for recommendations on upgrading and versioning.
network
low complexity
honeywell CWE-345
critical
 9.8
9.8
2023-07-13 CVE-2023-25770 Deserialization of Untrusted Data vulnerability in Honeywell C300 Firmware
Controller DoS may occur due to buffer overflow when an error is generated in response to a specially crafted message. See Honeywell Security Notification for recommendations on upgrading and versioning.
network
low complexity
honeywell CWE-502
7.5
7.5
2022-10-28 CVE-2021-38395 Injection vulnerability in Honeywell products
Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to improper neutralization of special elements in output, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition.
network
low complexity
honeywell CWE-74
critical
 9.8
9.8
2022-10-28 CVE-2021-38397 Unrestricted Upload of File with Dangerous Type vulnerability in Honeywell products
Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to unrestricted file uploads, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition.
network
low complexity
honeywell CWE-434
critical
 10.0
10
2022-10-28 CVE-2021-38399 Path Traversal vulnerability in Honeywell products
Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to relative path traversal, which may allow an attacker access to unauthorized files and directories.
network
low complexity
honeywell CWE-22
7.5
7.5