CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2021-38397

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0090%
EPSS Percentile21.17th
Published2022年10月28日
Last Modified2024年11月21日

Vulnerability Description

Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to unrestricted file uploads, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition.

Affected Platforms (CPE)

💻
Honeywell

C200 Firmware

All versions
💻
Honeywell

C200e Firmware

All versions
💻
Honeywell

C300 Firmware

All versions
💻
Honeywell

Application Control Environment Firmware

All versions

References & Advisories

🔗 https://www.cisa.gov/uscert/ics/advisories/icsa-21-278-04
🔗 https://www.honeywellprocess.com/library/support/notifications/Customer/SN2021-02-22-01-Experion-C300-CCL.pdf
🔗 https://www.cisa.gov/uscert/ics/advisories/icsa-21-278-04
🔗 https://www.honeywellprocess.com/library/support/notifications/Customer/SN2021-02-22-01-Experion-C300-CCL.pdf

相關漏洞威脅

CVE-2021-40459.8

TP-Link Tapo C200 IP camera, on its 1.1.15 firmware version and below, is affected by an unauthenticated RCE vulnerability, presen...

CVE-2021-2732910.0

Friendica 2021.01 allows SSRF via parse_url?binurl= for DNS lookups or HTTP requests to arbitrary domain names.

CVE-2021-2132110.0

fastify-reply-from is an npm package which is a fastify plugin to forward the current http request to another server. In fastify-r...

CVE-2021-2132210.0

fastify-http-proxy is an npm package which is a fastify plugin for proxying your http requests to another server, with hooks. By c...