CVE-2023-5390: Path Traversal
First published: Wed Jan 31 2024(Updated: )
An attacker could potentially exploit this vulnerability, leading to files being read from the Honeywell Experion ControlEdge VirtualUOC and ControlEdge UOC. This exploit could be used to read files from the controller that may expose limited information from the device. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning.
Credit: psirt@honeywell.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| Honeywell Controledge Unit Operations Controller Firmware | ||
| Honeywell Controledge Unit Operations Controller | ||
| All of | ||
| Honeywell Controledge Virtual Unit Operations Controller Firmware | ||
| Honeywell Controledge Virtual Unit Operations Controller |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/first-publish-date
- agent/description
- agent/type
- agent/severity
- agent/author
- agent/event
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/weakness
- agent/softwarecombine
- collector/epss-latest
- source/FIRST
- agent/tags
- agent/epss
- vendor/honeywell
- canonical/honeywell controledge unit operations controller firmware
- canonical/honeywell controledge unit operations controller
- canonical/honeywell controledge virtual unit operations controller firmware
- canonical/honeywell controledge virtual unit operations controller