What is CVE-2023-25078?

CVE-2023-25078 is a vulnerability that allows for a denial-of-service attack due to a heap overflow during the handling of a specially crafted message for a specific configuration operation.

Which software is affected by CVE-2023-25078?

Honeywell Experion Server (versions 501.1 to 501.6hf8, 510.1 to 510.2hf12, 51.1 to 511.5tcu3, 520.1 to 520.1tcu4, 520.2 to 520.2tcu2), Honeywell Experion Station (versions 501.1 to 501.6hf8, 510.1 to 510.2hf12, 511.1 to 511.5tcu3, 520.1 to 520.1tcu4, 520.2 to 520.2tcu2), Honeywell Engineering Station (versions 510.1 to 511.tcu3, 520.1 to 520.1tcu4, 520.2 to 520.2tcu2), and Honeywell Direct Station (versions 510.1 to 511.tcu3, 520.1 to 520.1tcu4, 520.2 to 520.2tcu2) are affected by CVE-2023-25078.

What is the severity of CVE-2023-25078?

CVE-2023-25078 has a severity rating of 7.5, which is considered critical.

How can I fix CVE-2023-25078?

To fix CVE-2023-25078, it is recommended to install the latest security updates provided by Honeywell for the affected software versions.

Where can I find more information about CVE-2023-25078?

You can find more information about CVE-2023-25078 on the Honeywell website at https://process.honeywell.com.

Vulnerability/
CVE-2023-25078

critical

9.8

CWE

787

13/7/2023

2/8/2024

CVE-2023-25078: DoS due to heap overflow

First published: Thu Jul 13 2023(Updated: )

Server or Console Station DoS due to heap overflow occurring during the handling of a specially crafted message for a specific configuration operation.

Credit: psirt@honeywell.com psirt@honeywell.com

Affected Software	Affected Version	How to fix
Honeywell Experion Server	>=501.1<=501.6hf8
Honeywell Experion Server	>=510.1<=510.2hf12
Honeywell Experion Server	>=511.1<=511.5tcu3
Honeywell Experion Server	>=520.1<=520.1tcu4
Honeywell Experion Server	>=520.2<=520.2tcu2
Honeywell Experion Station	>=501.1<=501.6hf8
Honeywell Experion Station	>=510.1<=510.2hf12
Honeywell Experion Station	>=511.1<=511.5tcu3
Honeywell Experion Station	>=520.1<=520.1tcu4
Honeywell Experion Station	>=520.2<=520.2tcu2
Honeywell Engineering Station	>=510.1<=511.tcu3
Honeywell Engineering Station	>=520.1<=520.1tcu4
Honeywell Engineering Station	>=520.2<=520.2tcu2
Honeywell Direct Station	>=510.1<=511.tcu3
Honeywell Direct Station	>=520.1<=520.1tcu4
Honeywell Direct Station	>=520.2<=520.2tcu2

Never miss a vulnerability like this again

Reference Links

https://process.honeywell.com

Frequently Asked Questions

What is CVE-2023-25078?
CVE-2023-25078 is a vulnerability that allows for a denial-of-service attack due to a heap overflow during the handling of a specially crafted message for a specific configuration operation.
Which software is affected by CVE-2023-25078?
Honeywell Experion Server (versions 501.1 to 501.6hf8, 510.1 to 510.2hf12, 51.1 to 511.5tcu3, 520.1 to 520.1tcu4, 520.2 to 520.2tcu2), Honeywell Experion Station (versions 501.1 to 501.6hf8, 510.1 to 510.2hf12, 511.1 to 511.5tcu3, 520.1 to 520.1tcu4, 520.2 to 520.2tcu2), Honeywell Engineering Station (versions 510.1 to 511.tcu3, 520.1 to 520.1tcu4, 520.2 to 520.2tcu2), and Honeywell Direct Station (versions 510.1 to 511.tcu3, 520.1 to 520.1tcu4, 520.2 to 520.2tcu2) are affected by CVE-2023-25078.
What is the severity of CVE-2023-25078?
CVE-2023-25078 has a severity rating of 7.5, which is considered critical.
How can I fix CVE-2023-25078?
To fix CVE-2023-25078, it is recommended to install the latest security updates provided by Honeywell for the affected software versions.
Where can I find more information about CVE-2023-25078?
You can find more information about CVE-2023-25078 on the Honeywell website at https://process.honeywell.com.

collector/nvd-latest
collector/nvd-index
agent/author
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/title
agent/weakness
agent/last-modified-date
agent/references
agent/severity
agent/description
agent/first-publish-date
agent/event
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
vendor/honeywell
canonical/honeywell experion server
version/honeywell experion server/501.1
version/honeywell experion server/501.6hf8
version/honeywell experion server/510.1
version/honeywell experion server/510.2hf12
version/honeywell experion server/511.1
version/honeywell experion server/511.5tcu3
version/honeywell experion server/520.1
version/honeywell experion server/520.1tcu4
version/honeywell experion server/520.2
version/honeywell experion server/520.2tcu2
canonical/honeywell experion station
version/honeywell experion station/501.1
version/honeywell experion station/501.6hf8
version/honeywell experion station/510.1
version/honeywell experion station/510.2hf12
version/honeywell experion station/511.1
version/honeywell experion station/511.5tcu3
version/honeywell experion station/520.1
version/honeywell experion station/520.1tcu4
version/honeywell experion station/520.2
version/honeywell experion station/520.2tcu2
canonical/honeywell engineering station
version/honeywell engineering station/510.1
version/honeywell engineering station/511.tcu3
version/honeywell engineering station/520.1
version/honeywell engineering station/520.1tcu4
version/honeywell engineering station/520.2
version/honeywell engineering station/520.2tcu2
canonical/honeywell direct station
version/honeywell direct station/510.1
version/honeywell direct station/511.tcu3
version/honeywell direct station/520.1
version/honeywell direct station/520.1tcu4
version/honeywell direct station/520.2
version/honeywell direct station/520.2tcu2