CVE-2023-5878

Honeywell OneWireless Wireless Device Manager (WDM) for the following versions R310.x, R320.x, R321.x, R322.1, R322.2, R323.x, R330.1 contains a command injection vulnerability. An attacker who is authenticated could use the firmware update process to potentially exploit the vulnerability, leading to a command injection. Honeywell recommends updating to R322.3, R330.2 or the most recent version of this product2.

CVSS

No CVSS.

References

Link	Resource
https://process.honeywell.com/

Configurations

No configuration.

History

18 Feb 2025, 19:15

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~9.1~~	v2 : unknown v3 : unknown
Summary		(es) Honeywell OneWireless Wireless Device Manager (WDM) para las siguientes versiones R310.x, R320.x, R321.x, R322.1, R322.2, R323.x y R330.1 contiene una vulnerabilidad de inyección de comandos. Un atacante autenticado podría usar el proceso de actualización del firmware para explotar potencialmente la vulnerabilidad, lo que provocaría una inyección de comandos. Honeywell recomienda actualizar a R322.3, R330.2 o la versión más reciente de este producto2.

06 Feb 2025, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-02-06 15:15

Updated : 2025-02-18 19:15

NVD link : CVE-2023-5878

Mitre link : CVE-2023-5878

CVE.ORG link : CVE-2023-5878

JSON object : View

Products Affected

No product.

CWE

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

{"id": "CVE-2023-5878", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "psirt@honeywell.com", "cvssData": {"safety": "NOT_DEFINED", "version": "4.0", "recovery": "NOT_DEFINED", "baseScore": 9.4, "automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "HIGH", "vulnerableSystemIntegrity": "HIGH", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "subsequentSystemAvailability": "HIGH", "vulnerableSystemAvailability": "HIGH", "subsequentSystemConfidentiality": "HIGH", "vulnerableSystemConfidentiality": "HIGH", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2025-02-06T15:15:12.440", "references": [{"url": "https://process.honeywell.com/", "source": "psirt@honeywell.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "psirt@honeywell.com", "description": [{"lang": "en", "value": "CWE-77"}]}], "descriptions": [{"lang": "en", "value": "Honeywell OneWireless \n\nWireless Device Manager (WDM)\u00a0for the following versions R310.x, R320.x, R321.x, R322.1, R322.2, R323.x, R330.1 contains a command injection vulnerability. An attacker who is authenticated could use the firmware update process to potentially exploit the vulnerability, leading to a command injection. Honeywell recommends updating to \n\n R322.3, R330.2 or the most recent version of this product2."}, {"lang": "es", "value": "Honeywell OneWireless Wireless Device Manager (WDM) para las siguientes versiones R310.x, R320.x, R321.x, R322.1, R322.2, R323.x y R330.1 contiene una vulnerabilidad de inyecci\u00f3n de comandos. Un atacante autenticado podr\u00eda usar el proceso de actualizaci\u00f3n del firmware para explotar potencialmente la vulnerabilidad, lo que provocar\u00eda una inyecci\u00f3n de comandos. Honeywell recomienda actualizar a R322.3, R330.2 o la versi\u00f3n m\u00e1s reciente de este producto2."}], "lastModified": "2025-02-18T19:15:11.780", "sourceIdentifier": "psirt@honeywell.com"}