CyberSec.Space Logo
Back to CVE Browser

CVE-2021-38397

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0090%
EPSS Percentile21.17th
PublishedOct 28, 2022
Last ModifiedNov 21, 2024

Vulnerability Description

Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to unrestricted file uploads, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition.

Affected Platforms (CPE)

πŸ’»
Honeywell

C200 Firmware

All versions
πŸ’»
Honeywell

C200e Firmware

All versions
πŸ’»
Honeywell

C300 Firmware

All versions
πŸ’»
Honeywell

Application Control Environment Firmware

All versions

References & Advisories

πŸ”— https://www.cisa.gov/uscert/ics/advisories/icsa-21-278-04
πŸ”— https://www.honeywellprocess.com/library/support/notifications/Customer/SN2021-02-22-01-Experion-C300-CCL.pdf
πŸ”— https://www.cisa.gov/uscert/ics/advisories/icsa-21-278-04
πŸ”— https://www.honeywellprocess.com/library/support/notifications/Customer/SN2021-02-22-01-Experion-C300-CCL.pdf

Related Vulnerabilities

CVE-2021-40459.8

TP-Link Tapo C200 IP camera, on its 1.1.15 firmware version and below, is affected by an unauthenticated RCE vulnerability, presen...

CVE-2021-3467910.0

Thycotic Password Reset Server before 5.3.0 allows credential disclosure.

CVE-2021-2328110.0

Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated remote code execution vulnerability. IPM soft...

CVE-2021-217710.0

Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Gateway). The supported version tha...