CVE-2023-5390
Last modified
CVE-2023-5390 is a medium-severity vulnerability rated 5.3/10 on the CVSS scale. An attacker could potentially exploit this vulnerability, leading to files being read from the Honeywell Experion ControlEdge VirtualUOC and ControlEdge UOC. This exploit could be used to read files from the controller that may expose limited information from the device. EPSS estimates a 0.57% chance of exploitation in the next 30 days.
Description
An attacker could potentially exploit this vulnerability, leading to files being read from the Honeywell Experion ControlEdge VirtualUOC and ControlEdge UOC. This exploit could be used to read files from the controller that may expose limited information from the device. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Honeywell | Controledge Unit Operations Controller Firmware | All versions |
| Honeywell | Controledge Virtual Unit Operations Controller Firmware | All versions |
References
- https://www.honeywell.com/us/en/product-securityNot Applicable
- https://www.honeywell.com/us/en/product-securityNot Applicable
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2023-5390?
How severe is CVE-2023-5390?
How do I fix CVE-2023-5390?
Are you affected by CVE-2023-5390?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST