CVE-2023-25948: Server Data type confusion - info leak
First published: Thu Jul 13 2023(Updated: )
Server information leak of configuration data when an error is generated in response to a specially crafted message.
Credit: psirt@honeywell.com psirt@honeywell.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Honeywell Experion Server | >=501.1<=501.6hf8 | |
| Honeywell Experion Server | >=510.1<=510.2hf12 | |
| Honeywell Experion Server | >=511.1<=511.5tcu3 | |
| Honeywell Experion Server | >=520.1<=520.1tcu4 | |
| Honeywell Experion Server | >=520.2<=520.2tcu2 | |
| Honeywell Experion Station | >=501.1<=501.6hf8 | |
| Honeywell Experion Station | >=510.1<=510.2hf12 | |
| Honeywell Experion Station | >=511.1<=511.5tcu3 | |
| Honeywell Experion Station | >=520.1<=520.1tcu4 | |
| Honeywell Experion Station | >=520.2<=520.2tcu2 | |
| Honeywell Engineering Station | >=510.1<=511.tcu3 | |
| Honeywell Engineering Station | >=520.1<=520.1tcu4 | |
| Honeywell Engineering Station | >=520.2<=520.2tcu2 | |
| Honeywell Direct Station | >=510.1<=511.tcu3 | |
| Honeywell Direct Station | >=520.1<=520.1tcu4 | |
| Honeywell Direct Station | >=520.2<=520.2tcu2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this server information leak of configuration data?
The vulnerability ID is CVE-2023-25948.
What is the severity level of CVE-2023-25948?
CVE-2023-25948 has a severity level of high.
Which software is affected by CVE-2023-25948?
Honeywell Experion Server, Honeywell Experion Station, Honeywell Engineering Station, and Honeywell Direct Station are affected by CVE-2023-25948.
How can the server information leak vulnerability be exploited?
This vulnerability can be exploited by generating an error with a specially crafted message.
Is there a fix for CVE-2023-25948?
Yes, it is recommended to apply the latest security patches provided by Honeywell to fix CVE-2023-25948.
- collector/nvd-latest
- collector/nvd-index
- agent/author
- agent/weakness
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/last-modified-date
- agent/references
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/honeywell
- canonical/honeywell experion server
- version/honeywell experion server/501.1
- version/honeywell experion server/501.6hf8
- version/honeywell experion server/510.1
- version/honeywell experion server/510.2hf12
- version/honeywell experion server/511.1
- version/honeywell experion server/511.5tcu3
- version/honeywell experion server/520.1
- version/honeywell experion server/520.1tcu4
- version/honeywell experion server/520.2
- version/honeywell experion server/520.2tcu2
- canonical/honeywell experion station
- version/honeywell experion station/501.1
- version/honeywell experion station/501.6hf8
- version/honeywell experion station/510.1
- version/honeywell experion station/510.2hf12
- version/honeywell experion station/511.1
- version/honeywell experion station/511.5tcu3
- version/honeywell experion station/520.1
- version/honeywell experion station/520.1tcu4
- version/honeywell experion station/520.2
- version/honeywell experion station/520.2tcu2
- canonical/honeywell engineering station
- version/honeywell engineering station/510.1
- version/honeywell engineering station/511.tcu3
- version/honeywell engineering station/520.1
- version/honeywell engineering station/520.1tcu4
- version/honeywell engineering station/520.2
- version/honeywell engineering station/520.2tcu2
- canonical/honeywell direct station
- version/honeywell direct station/510.1
- version/honeywell direct station/511.tcu3
- version/honeywell direct station/520.1
- version/honeywell direct station/520.1tcu4
- version/honeywell direct station/520.2
- version/honeywell direct station/520.2tcu2