Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to improper neutralization of special elements in output, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition.
                
            References
                    | Link | Resource | 
|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-21-278-04 | Mitigation Third Party Advisory US Government Resource | 
| https://www.honeywellprocess.com/library/support/notifications/Customer/SN2021-02-22-01-Experion-C300-CCL.pdf | Product | 
| https://www.cisa.gov/uscert/ics/advisories/icsa-21-278-04 | Mitigation Third Party Advisory US Government Resource | 
| https://www.honeywellprocess.com/library/support/notifications/Customer/SN2021-02-22-01-Experion-C300-CCL.pdf | Product | 
Configurations
                    Configuration 1 (hide)
| AND | 
 
 | 
Configuration 2 (hide)
| AND | 
 
 | 
Configuration 3 (hide)
| AND | 
 
 | 
Configuration 4 (hide)
| AND | 
 
 | 
History
                    No history.
Information
                Published : 2022-10-28 02:15
Updated : 2024-11-21 06:16
NVD link : CVE-2021-38395
Mitre link : CVE-2021-38395
CVE.ORG link : CVE-2021-38395
JSON object : View
Products Affected
                honeywell
- c200_firmware
- c200e_firmware
- application_control_environment
- c200
- application_control_environment_firmware
- c300
- c200e
- c300_firmware
CWE
                
                    
                        
                        CWE-74
                        
            Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
