CVE-2023-5393
HIGH
Honeywell Experion Server - Stack Overflow and Remote Code Execution via Malformed Hostname Message
Title source: llm
Description
Server receiving a malformed message that causes a disconnect to a hostname may cause a stack overflow resulting in possible remote code execution. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning.
References (1)
Core References
Various Sources
https://process.honeywell.com
Scores
CVSS v3
7.4
EPSS
0.0071
EPSS Percentile
48.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-130
Status
published
Products (5)
Honeywell/Experion Server
510.1 - 510.2 HF13
Honeywell/Experion Server
511.1 - 511.5 TCU4 HF3
Honeywell/Experion Server
520.1 - 520.1 TCU4
Honeywell/Experion Server
520.2 - 520.2 TCU4
Honeywell/Experion Server
520.2 TCU4 HFR2 - 511.5 TCU4 HF3
Published
Apr 11, 2024
Tracked Since
Feb 18, 2026