C300

Source - CNA
CNA CVEs - 6
ADP CVEs - 0
CISA CVEs - 0
NVD CVEs - 0
6 Vulnerabilities found

CVE-2023-5407
Assigner-Honeywell International Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.06% / 19.23%
7 Day CHG~0.00%
Published-17 Apr, 2024 | 16:49
Updated-08 Aug, 2024 | 15:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Controller denial of service due to improper handling of a specially crafted message received by the controller. See Honeywell Security Notification for recommendations on upgrading and versioning.

Action-Not Available
Vendor-Honeywell International Inc.
Product-C300
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2023-5392
Assigner-Honeywell International Inc.
CVSS Score-7.5||HIGH
EPSS-0.08% / 24.37%
7 Day CHG~0.00%
Published-11 Apr, 2024 | 19:19
Updated-02 Aug, 2024 | 07:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

C300 information leak due to an analysis feature which allows extracting more memory over the network than required by the function. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning.

Action-Not Available
Vendor-Honeywell International Inc.
Product-C300, c300
CWE ID-CWE-1295
Debug Messages Revealing Unnecessary Information
CVE-2023-26597
Assigner-Honeywell International Inc.
CVSS Score-7.5||HIGH
EPSS-0.05% / 15.81%
7 Day CHG~0.00%
Published-13 Jul, 2023 | 11:04
Updated-05 Mar, 2025 | 18:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Controller DOS on sending error response

Controller DoS due to buffer overflow in the handling of a specially crafted message received by the controller. See Honeywell Security Notification for recommendations on upgrading and versioning.

Action-Not Available
Vendor-Honeywell International Inc.
Product-c300_firmware, c300, C300
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25770
Assigner-Honeywell International Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.05% / 16.57%
7 Day CHG~0.00%
Published-13 Jul, 2023 | 10:59
Updated-02 Aug, 2024 | 11:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Controller stack overflow on decoding messages from the server

Controller DoS may occur due to buffer overflow when an error is generated in response to a specially crafted message. See Honeywell Security Notification for recommendations on upgrading and versioning.

Action-Not Available
Vendor-Honeywell International Inc.
Product-c300_firmware, c300, C300, c300
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2023-25178
Assigner-Honeywell International Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.89% / 74.61%
7 Day CHG~0.00%
Published-13 Jul, 2023 | 10:59
Updated-05 Mar, 2025 | 18:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Controller design flaw - unsigned firmware

Controller may be loaded with malicious firmware which could enable remote code execution. See Honeywell Security Notification for recommendations on upgrading and versioning.

Action-Not Available
Vendor-Honeywell International Inc.
Product-c300_firmware, c300, C300
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2023-24480
Assigner-Honeywell International Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.03% / 8.44%
7 Day CHG~0.00%
Published-13 Jul, 2023 | 10:57
Updated-05 Mar, 2025 | 18:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Controller stack overflow when decoding messages from the server

Controller DoS due to stack overflow when decoding a message from the server. See Honeywell Security Notification for recommendations on upgrading and versioning.

Action-Not Available
Vendor-Honeywell International Inc.
Product-c300_firmware, c300, C300
CWE ID-CWE-116
Improper Encoding or Escaping of Output
CWE ID-CWE-787
Out-of-bounds Write