Vulnerabilities > Honeywell > C300 Firmware > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-13 | CVE-2023-25178 | Insufficient Verification of Data Authenticity vulnerability in Honeywell C300 Firmware Controller may be loaded with malicious firmware which could enable remote code execution. See Honeywell Security Notification for recommendations on upgrading and versioning. | 9.8 |
| 2022-10-28 | CVE-2021-38397 | Unrestricted Upload of File with Dangerous Type vulnerability in Honeywell products Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to unrestricted file uploads, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition. | 10.0 |
| 2022-10-28 | CVE-2021-38395 | Injection vulnerability in Honeywell products Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to improper neutralization of special elements in output, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition. | 9.8 |