Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-5400

Summary
Assigner-Honeywell
Assigner Org ID-0dc86260-d7e3-4e81-ba06-3508e030ce8d
Published At-17 Apr, 2024 | 16:41
Updated At-02 Aug, 2024 | 07:59
Rejected At-
Credits

Server receiving a malformed message based on a using the specified key values can cause a heap overflow vulnerability which could lead to an attacker performing remote code execution or causing a failure.  See Honeywell Security Notification for recommendations on upgrading and versioning.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Honeywell
Assigner Org ID:0dc86260-d7e3-4e81-ba06-3508e030ce8d
Published At:17 Apr, 2024 | 16:41
Updated At:02 Aug, 2024 | 07:59
Rejected At:
▼CVE Numbering Authority (CNA)

Server receiving a malformed message based on a using the specified key values can cause a heap overflow vulnerability which could lead to an attacker performing remote code execution or causing a failure.  See Honeywell Security Notification for recommendations on upgrading and versioning.

Affected Products
Vendor
Honeywell International Inc.Honeywell
Product
Experion Server
Platforms
  • Experion PKS
Default Status
unaffected
Versions
Affected
  • From 520.2 through 520.2 TCU4 (semver)
  • From 510.1 through 510.2 HF13 (semver)
  • From 520.1 through 520.1 TCU4 (semver)
  • From 511.1 through 511.5 TCU4 HF3 (semver)
Vendor
Honeywell International Inc.Honeywell
Product
Experion Server
Platforms
  • Experion LX
Default Status
unaffected
Versions
Affected
  • From 520.2 through 520.2 TCU4 (semver)
  • From 511.1 through 511.5 TCU4 HF3 (semver)
  • From 520.1 through 520.1 TCU4 (semver)
Vendor
Honeywell International Inc.Honeywell
Product
Experion Server
Platforms
  • PlantCruise by Experion
Default Status
unaffected
Versions
Affected
  • From 520.2 through 520.2 TCU4 (semver)
  • From 520.1 through 520.1 TCU4 (semver)
  • From 520.2 TCU4 HFR2 through 511.5 TCU4 HF3 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-122CWE-122
Type: CWE
CWE ID: CWE-122
Description: CWE-122
Metrics
VersionBase scoreBase severityVector
3.18.1HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 8.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-47CAPEC-47
CAPEC ID: CAPEC-47
Description: CAPEC-47
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://process.honeywell.com
N/A
Hyperlink: https://process.honeywell.com
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Vendor
Honeywell International Inc.honeywell
Product
experion_server
CPEs
  • cpe:2.3:a:honeywell:experion_server:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • *
Vendor
Honeywell International Inc.honeywell
Product
experion_server
CPEs
  • cpe:2.3:a:honeywell:experion_server:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • *
Vendor
Honeywell International Inc.honeywell
Product
experion_server
CPEs
  • cpe:2.3:a:honeywell:experion_server:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • *
Vendor
Honeywell International Inc.honeywell
Product
experion_server
CPEs
  • cpe:2.3:a:honeywell:experion_server:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • *
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://process.honeywell.com
x_transferred
Hyperlink: https://process.honeywell.com
Resource:
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@honeywell.com
Published At:17 Apr, 2024 | 17:15
Updated At:15 Apr, 2026 | 00:35

Server receiving a malformed message based on a using the specified key values can cause a heap overflow vulnerability which could lead to an attacker performing remote code execution or causing a failure.  See Honeywell Security Notification for recommendations on upgrading and versioning.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.18.1HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 8.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-122Secondarypsirt@honeywell.com
CWE ID: CWE-122
Type: Secondary
Source: psirt@honeywell.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://process.honeywell.compsirt@honeywell.com
N/A
https://process.honeywell.comaf854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: https://process.honeywell.com
Source: psirt@honeywell.com
Resource: N/A
Hyperlink: https://process.honeywell.com
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

53Records found
CVE-2023-48263
Matching Score-4
Assigner-Robert Bosch GmbH
ShareView Details
Matching Score-4
Assigner-Robert Bosch GmbH
CVSS Score-8.1||HIGH
EPSS-1.74% / 82.89%
||
7 Day CHG~0.00%
Published-10 Jan, 2024 | 13:08
Updated-17 Jun, 2025 | 20:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request.

Action-Not Available
Vendor-Bosch Rexroth AGRobert Bosch GmbH
Product-nexo_cordless_nutrunner_nxa015s-36v_\(0608842001\)nexo-osnexo_cordless_nutrunner_nxa011s-36v_\(0608842011\)nexo_cordless_nutrunner_nxa065s-36v_\(0608842013\)nexo_special_cordless_nutrunner_\(0608pe2272\)nexo_cordless_nutrunner_nxa030s-36v-b_\(0608842007\)nexo_special_cordless_nutrunner_\(0608pe2673\)nexo_cordless_nutrunner_nxp012qd-36v-b_\(0608842010\)nexo_cordless_nutrunner_nxa011s-36v-b_\(0608842012\)nexo_special_cordless_nutrunner_\(0608pe2514\)nexo_cordless_nutrunner_nxv012t-36v-b_\(0608842016\)nexo_special_cordless_nutrunner_\(0608pe2301\)nexo_cordless_nutrunner_nxa065s-36v-b_\(0608842014\)nexo_cordless_nutrunner_nxa030s-36v_\(0608842002\)nexo_special_cordless_nutrunner_\(0608pe2666\)nexo_cordless_nutrunner_nxv012t-36v_\(0608842015\)nexo_special_cordless_nutrunner_\(0608pe2515\)nexo_cordless_nutrunner_nxa015s-36v-b_\(0608842006\)nexo_cordless_nutrunner_nxa050s-36v_\(0608842003\)nexo_cordless_nutrunner_nxa050s-36v-b_\(0608842008\)nexo_cordless_nutrunner_nxp012qd-36v_\(0608842005\)Nexo cordless nutrunner NXA011S-36V (0608842011)Nexo cordless nutrunner NXV012T-36V (0608842015)Nexo cordless nutrunner NXA011S-36V-B (0608842012)Nexo special cordless nutrunner (0608PE2301)Nexo cordless nutrunner NXA030S-36V-B (0608842007)Nexo special cordless nutrunner (0608PE2514)Nexo cordless nutrunner NXA015S-36V-B (0608842006)Nexo special cordless nutrunner (0608PE2272)Nexo cordless nutrunner NXA065S-36V (0608842013)Nexo cordless nutrunner NXA050S-36V (0608842003)Nexo cordless nutrunner NXA050S-36V-B (0608842008)Nexo special cordless nutrunner (0608PE2666)Nexo special cordless nutrunner (0608PE2673)Nexo cordless nutrunner NXA065S-36V-B (0608842014)Nexo special cordless nutrunner (0608PE2515)Nexo cordless nutrunner NXP012QD-36V-B (0608842010)Nexo cordless nutrunner NXP012QD-36V (0608842005)Nexo cordless nutrunner NXV012T-36V-B (0608842016)Nexo cordless nutrunner NXA015S-36V (0608842001)Nexo cordless nutrunner NXA030S-36V (0608842002)
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-32959
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8.1||HIGH
EPSS-0.64% / 70.93%
||
7 Day CHG~0.00%
Published-23 Sep, 2021 | 13:32
Updated-03 Aug, 2024 | 23:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AVEVA SuiteLink Server Buffer Overflow

Heap-based buffer overflow in SuiteLink server while processing commands 0x05/0x06

Action-Not Available
Vendor-AVEVA
Product-suitelinkAVEVA Batch Management 2020AVEVA MES 2014AVEVA InTouch 2020AVEVA Communication Drivers Pack 2020 AVEVA System Platform 2020AVEVA Historian 2020
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-21376
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-1.44% / 81.11%
||
7 Day CHG+0.15%
Published-11 Feb, 2025 | 17:58
Updated-26 Feb, 2026 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_10_1809windows_10_22h2windows_10_21h2windows_server_2022_23h2windows_11_22h2windows_11_23h2windows_10_1607windows_11_24h2windows_server_2025windows_server_2022windows_10_1507windows_server_2019windows_server_2008windows_server_2016Windows Server 2019 (Server Core installation)Windows 10 Version 21H2Windows 10 Version 22H2Windows 11 Version 23H2Windows Server 2012Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2008 R2 Service Pack 1Windows Server 2012 R2Windows Server 2025 (Server Core installation)Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2016Windows Server 2012 R2 (Server Core installation)Windows 11 version 22H2Windows 11 version 22H3Windows Server 2019Windows 10 Version 1607Windows Server 2022Windows 10 Version 1507Windows Server 2012 (Server Core installation)Windows Server 2025Windows Server 2016 (Server Core installation)Windows 11 Version 24H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 1809
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
  • Previous
  • 1
  • 2
  • Next
Details not found