CyberSec.Space Logo
返回 CVE 浏览器

CVE-2021-38397

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0090%
EPSS Percentile21.17th
Published2022年10月28日
Last Modified2024年11月21日

Vulnerability Description

Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to unrestricted file uploads, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition.

Affected Platforms (CPE)

💻
Honeywell

C200 Firmware

All versions
💻
Honeywell

C200e Firmware

All versions
💻
Honeywell

C300 Firmware

All versions
💻
Honeywell

Application Control Environment Firmware

All versions

References & Advisories

🔗 https://www.cisa.gov/uscert/ics/advisories/icsa-21-278-04
🔗 https://www.honeywellprocess.com/library/support/notifications/Customer/SN2021-02-22-01-Experion-C300-CCL.pdf
🔗 https://www.cisa.gov/uscert/ics/advisories/icsa-21-278-04
🔗 https://www.honeywellprocess.com/library/support/notifications/Customer/SN2021-02-22-01-Experion-C300-CCL.pdf

相关漏洞威胁

CVE-2021-40459.8

TP-Link Tapo C200 IP camera, on its 1.1.15 firmware version and below, is affected by an unauthenticated RCE vulnerability, presen...

CVE-2021-4422810.0

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration...

CVE-2021-4155610.0

sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 allows an out-of-bounds read (in the core interpreter) that can lead to ...

CVE-2021-138810.0

A vulnerability in an API endpoint of Cisco ACI Multi-Site Orchestrator (MSO) installed on the Application Services Engine could a...