CVE-2023-24474: Server deserialization missing boundary checks - heap overflow in communication between server and controller
First published: Thu Jul 13 2023(Updated: )
Experion server may experience a DoS due to a heap overflow which could occur when handling a specially crafted message
Credit: psirt@honeywell.com psirt@honeywell.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Honeywell Experion Server | >=501.1<=501.6hf8 | |
| Honeywell Experion Server | >=510.1<=510.2hf12 | |
| Honeywell Experion Server | >=511.1<=511.5tcu3 | |
| Honeywell Experion Server | >=520.1<=520.1tcu4 | |
| Honeywell Experion Server | >=520.2<=520.2tcu2 | |
| Honeywell Experion Station | >=501.1<=501.6hf8 | |
| Honeywell Experion Station | >=510.1<=510.2hf12 | |
| Honeywell Experion Station | >=511.1<=511.5tcu3 | |
| Honeywell Experion Station | >=520.1<=520.1tcu4 | |
| Honeywell Experion Station | >=520.2<=520.2tcu2 | |
| Honeywell Engineering Station | >=510.1<=511.5tcu3 | |
| Honeywell Engineering Station | >=520.1<=520.1tcu4 | |
| Honeywell Engineering Station | >=520.2<=520.2tcu2 | |
| Honeywell Direct Station | >=510.1<=511.5tcu3 | |
| Honeywell Direct Station | >=520.1<=520.1tcu4 | |
| Honeywell Direct Station | >=520.2<=520.2tcu2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this vulnerability?
The vulnerability ID is CVE-2023-24474.
What is the title of this vulnerability?
The title of this vulnerability is 'Experion server may experience a DoS due to a heap overflow which could occur when handling a specially crafted message'.
What software is affected by this vulnerability?
The Honeywell Experion Server, Experion Station, Engineering Station, and Direct Station are affected by this vulnerability.
How severe is this vulnerability?
This vulnerability has a severity rating of 7.5 (high).
How can I fix this vulnerability?
To fix this vulnerability, it is recommended to install the latest security patch provided by Honeywell.
- collector/nvd-latest
- collector/nvd-api
- collector/nvd-index
- agent/weakness
- agent/author
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/last-modified-date
- agent/title
- agent/event
- agent/tags
- agent/first-publish-date
- agent/description
- vendor/honeywell
- canonical/honeywell experion server
- version/honeywell experion server/501.1
- version/honeywell experion server/501.6hf8
- version/honeywell experion server/510.1
- version/honeywell experion server/510.2hf12
- version/honeywell experion server/511.1
- version/honeywell experion server/511.5tcu3
- version/honeywell experion server/520.1
- version/honeywell experion server/520.1tcu4
- version/honeywell experion server/520.2
- version/honeywell experion server/520.2tcu2
- canonical/honeywell experion station
- version/honeywell experion station/501.1
- version/honeywell experion station/501.6hf8
- version/honeywell experion station/510.1
- version/honeywell experion station/510.2hf12
- version/honeywell experion station/511.1
- version/honeywell experion station/511.5tcu3
- version/honeywell experion station/520.1
- version/honeywell experion station/520.1tcu4
- version/honeywell experion station/520.2
- version/honeywell experion station/520.2tcu2
- canonical/honeywell engineering station
- version/honeywell engineering station/510.1
- version/honeywell engineering station/511.5tcu3
- version/honeywell engineering station/520.1
- version/honeywell engineering station/520.1tcu4
- version/honeywell engineering station/520.2
- version/honeywell engineering station/520.2tcu2
- canonical/honeywell direct station
- version/honeywell direct station/510.1
- version/honeywell direct station/511.5tcu3
- version/honeywell direct station/520.1
- version/honeywell direct station/520.1tcu4
- version/honeywell direct station/520.2
- version/honeywell direct station/520.2tcu2