Description
A server receiving a malformed message that causes a disconnect to a hostname may cause a stack overflow, resulting in possible remote code execution. Honeywell recommends updating to the most recent version of the product. See the Honeywell Security Notification for recommendations on upgrading and versioning.
References (1)
Scores
CVSS v3
7.4
EPSS
0.0115
EPSS Percentile
78.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-130
Status
published
Products (5)
Honeywell/Experion Server
510.1 - 510.2 HF13
Honeywell/Experion Server
511.1 - 511.5 TCU4 HF3
Honeywell/Experion Server
520.1 - 520.1 TCU4
Honeywell/Experion Server
520.2 - 520.2 TCU4
Honeywell/Experion Server
520.2 TCU4 HFR2 - 511.5 TCU4 HF3
Published
Apr 11, 2024
Tracked Since
Feb 18, 2026