CVE-2021-38395
Summary
| CVE | CVE-2021-38395 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-10-28 02:15:00 UTC |
| Updated | 2022-11-02 18:12:00 UTC |
| Description | Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to improper neutralization of special elements in output, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition. |
Risk And Classification
Problem Types: CWE-74
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Honeywell | Application Control Environment | - | All | All | All |
| Operating System | Honeywell | Application Control Environment Firmware | - | All | All | All |
| Hardware | Honeywell | C200 | - | All | All | All |
| Hardware | Honeywell | C200e | - | All | All | All |
| Operating System | Honeywell | C200e Firmware | - | All | All | All |
| Operating System | Honeywell | C200 Firmware | - | All | All | All |
| Hardware | Honeywell | C300 | - | All | All | All |
| Operating System | Honeywell | C300 Firmware | - | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| TRANSFORMATION STARTS TODAY | CONFIRM | www.honeywellprocess.com | |
| Honeywell Experion PKS and ACE Controllers \| CISA | CONFIRM | www.cisa.gov | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: Rei Henigman and Nadav Erez of Claroty reported these vulnerabilities to CISA.
Legacy QID Mappings
- 590873 Honeywell Experion PKS and ACE Controllers Multiple Vulnerabilities (ICSA-21-278-04) (SN 2021-02-22 01)