CVE-2023-5390 (GCVE-0-2023-5390)

Vulnerability from cvelistv5 – Published: 2024-01-31 17:46 – Updated: 2025-05-29 15:03
VLAI
Summary
An attacker could potentially exploit this vulnerability, leading to files being read from the Honeywell Experion ControlEdge VirtualUOC and ControlEdge UOC. This exploit could be used to read files from the controller that may expose limited information from the device. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning.
Severity
5.3 (Medium)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE
Assigner
References
Impacted products
Vendor Product Version
Honeywell ControlEdge UOC Affected: 520.2 , ≤ 520.2 TCU4 (semver)
Affected: 510.1 , ≤ 510.2 HF13 (semver)
Affected: 520.1 , ≤ 520.1 TCU4 (semver)
Affected: 511.1 , ≤ 511.5 TCU4 HF3 (semver)
Create a notification for this product.
Honeywell ControlEdge UOC Affected: 520.2 , ≤ 520.2 TCU4 (semver)
Affected: 511.1 , ≤ 511.5 TCU4 HF3 (semver)
Affected: 520.1 , ≤ 520.1 TCU4 (semver)
Create a notification for this product.
Honeywell ControlEdge UOC Affected: 520.2 , ≤ 520.2 TCU4 (semver)
Affected: 520.1 , ≤ 520.1 TCU4 (semver)
Affected: 520.2 TCU4 HFR2 , ≤ 511.5 TCU4 HF3 (semver)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:59:44.316Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://process.honeywell.com"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.honeywell.com/us/en/product-security"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-5390",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-08T15:42:27.845224Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-29T15:03:38.086Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Experion PKS"
          ],
          "product": "ControlEdge UOC",
          "vendor": "Honeywell",
          "versions": [
            {
              "changes": [
                {
                  "at": "520.2 TCU4 HF1",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "520.2 TCU4",
              "status": "affected",
              "version": "520.2",
              "versionType": "semver"
            },
            {
              "changes": [
                {
                  "at": "510.2 HF14",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "510.2 HF13",
              "status": "affected",
              "version": "510.1",
              "versionType": "semver"
            },
            {
              "changes": [
                {
                  "at": "520.1 TCU5",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "520.1 TCU4",
              "status": "affected",
              "version": "520.1",
              "versionType": "semver"
            },
            {
              "changes": [
                {
                  "at": "511.5 TCU4 HF4",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "511.5 TCU4 HF3",
              "status": "affected",
              "version": "511.1",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Experion LX"
          ],
          "product": "ControlEdge UOC",
          "vendor": "Honeywell",
          "versions": [
            {
              "changes": [
                {
                  "at": "520.2 TCU4 HF2",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "520.2 TCU4",
              "status": "affected",
              "version": "520.2",
              "versionType": "semver"
            },
            {
              "changes": [
                {
                  "at": "511.5 TCU4 HF4",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "511.5 TCU4 HF3",
              "status": "affected",
              "version": "511.1",
              "versionType": "semver"
            },
            {
              "changes": [
                {
                  "at": "520.1 TCU5",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "520.1 TCU4",
              "status": "affected",
              "version": "520.1",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "PlantCruise by Experion"
          ],
          "product": "ControlEdge UOC",
          "vendor": "Honeywell",
          "versions": [
            {
              "changes": [
                {
                  "at": "520.2 TCU4 HF2",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "520.2 TCU4",
              "status": "affected",
              "version": "520.2",
              "versionType": "semver"
            },
            {
              "changes": [
                {
                  "at": "520.1 TCU5",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "520.1 TCU4",
              "status": "affected",
              "version": "520.1",
              "versionType": "semver"
            },
            {
              "changes": [
                {
                  "at": "511.5 TCU4 HF4",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "511.5 TCU4 HF3",
              "status": "affected",
              "version": "520.2 TCU4 HFR2",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An attacker could potentially exploit this vulnerability, leading to files being read from the Honeywell Experion ControlEdge VirtualUOC and ControlEdge UOC. This exploit could be used to read files from the controller that may expose limited information from the device. Honeywell recommends updating to the most recent version of the product.\u0026nbsp;See Honeywell Security Notification for recommendations on upgrading and versioning.\n\n\u003cbr\u003e"
            }
          ],
          "value": "An attacker could potentially exploit this vulnerability, leading to files being read from the Honeywell Experion ControlEdge VirtualUOC and ControlEdge UOC. This exploit could be used to read files from the controller that may expose limited information from the device. Honeywell recommends updating to the most recent version of the product.\u00a0See Honeywell Security Notification for recommendations on upgrading and versioning."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-126",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-126"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-36",
              "description": "CWE-36",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-09T19:56:46.965Z",
        "orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
        "shortName": "Honeywell"
      },
      "references": [
        {
          "url": "https://process.honeywell.com"
        },
        {
          "url": "https://www.honeywell.com/us/en/product-security"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
    "assignerShortName": "Honeywell",
    "cveId": "CVE-2023-5390",
    "datePublished": "2024-01-31T17:46:39.809Z",
    "dateReserved": "2023-10-04T17:50:05.792Z",
    "dateUpdated": "2025-05-29T15:03:38.086Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2023-5390",
      "date": "2026-05-29",
      "epss": "0.00155",
      "percentile": "0.35884"
    },
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:honeywell:controledge_unit_operations_controller_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B528F553-0D96-4A1D-9ABE-DA9555534BB2\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:honeywell:controledge_unit_operations_controller:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E30EFCB6-6534-46EE-A743-2218FD0DAA81\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:honeywell:controledge_virtual_unit_operations_controller_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"67C0BF18-A928-4A47-A71E-2216BE4ECB90\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:honeywell:controledge_virtual_unit_operations_controller:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F436C92C-7EED-44A5-B53D-12B54652D0A1\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"An attacker could potentially exploit this vulnerability, leading to files being read from the Honeywell Experion ControlEdge VirtualUOC and ControlEdge UOC. This exploit could be used to read files from the controller that may expose limited information from the device. Honeywell recommends updating to the most recent version of the product.\\u00a0See Honeywell Security Notification for recommendations on upgrading and versioning.\"}, {\"lang\": \"es\", \"value\": \"Un atacante podr\\u00eda explotar esta vulnerabilidad, lo que provocar\\u00eda la lectura de archivos desde Honeywell Experion ControlEdge VirtualUOC y ControlEdge UOC. Esta explotaci\\u00f3n podr\\u00eda usarse para leer archivos del controlador que pueden exponer informaci\\u00f3n limitada del dispositivo. Honeywell recomienda actualizar a la versi\\u00f3n m\\u00e1s reciente del producto. Consulte la Notificaci\\u00f3n de seguridad de Honeywell para obtener recomendaciones sobre actualizaci\\u00f3n y control de versiones.\"}]",
      "id": "CVE-2023-5390",
      "lastModified": "2024-11-21T08:41:40.570",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"psirt@honeywell.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 1.4}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 1.4}]}",
      "published": "2024-01-31T18:15:46.780",
      "references": "[{\"url\": \"https://process.honeywell.com\", \"source\": \"psirt@honeywell.com\", \"tags\": [\"Product\"]}, {\"url\": \"https://www.honeywell.com/us/en/product-security\", \"source\": \"psirt@honeywell.com\", \"tags\": [\"Not Applicable\"]}, {\"url\": \"https://process.honeywell.com\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Product\"]}, {\"url\": \"https://www.honeywell.com/us/en/product-security\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Not Applicable\"]}]",
      "sourceIdentifier": "psirt@honeywell.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"psirt@honeywell.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-36\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-22\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-5390\",\"sourceIdentifier\":\"psirt@honeywell.com\",\"published\":\"2024-01-31T18:15:46.780\",\"lastModified\":\"2024-11-21T08:41:40.570\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An attacker could potentially exploit this vulnerability, leading to files being read from the Honeywell Experion ControlEdge VirtualUOC and ControlEdge UOC. This exploit could be used to read files from the controller that may expose limited information from the device. Honeywell recommends updating to the most recent version of the product.\u00a0See Honeywell Security Notification for recommendations on upgrading and versioning.\"},{\"lang\":\"es\",\"value\":\"Un atacante podr\u00eda explotar esta vulnerabilidad, lo que provocar\u00eda la lectura de archivos desde Honeywell Experion ControlEdge VirtualUOC y ControlEdge UOC. Esta explotaci\u00f3n podr\u00eda usarse para leer archivos del controlador que pueden exponer informaci\u00f3n limitada del dispositivo. Honeywell recomienda actualizar a la versi\u00f3n m\u00e1s reciente del producto. Consulte la Notificaci\u00f3n de seguridad de Honeywell para obtener recomendaciones sobre actualizaci\u00f3n y control de versiones.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@honeywell.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"psirt@honeywell.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-36\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:honeywell:controledge_unit_operations_controller_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B528F553-0D96-4A1D-9ABE-DA9555534BB2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:honeywell:controledge_unit_operations_controller:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E30EFCB6-6534-46EE-A743-2218FD0DAA81\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:honeywell:controledge_virtual_unit_operations_controller_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"67C0BF18-A928-4A47-A71E-2216BE4ECB90\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:honeywell:controledge_virtual_unit_operations_controller:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F436C92C-7EED-44A5-B53D-12B54652D0A1\"}]}]}],\"references\":[{\"url\":\"https://process.honeywell.com\",\"source\":\"psirt@honeywell.com\",\"tags\":[\"Product\"]},{\"url\":\"https://www.honeywell.com/us/en/product-security\",\"source\":\"psirt@honeywell.com\",\"tags\":[\"Not Applicable\"]},{\"url\":\"https://process.honeywell.com\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Product\"]},{\"url\":\"https://www.honeywell.com/us/en/product-security\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Not Applicable\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://process.honeywell.com\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.honeywell.com/us/en/product-security\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T07:59:44.316Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-5390\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-08T15:42:27.845224Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-08T15:42:29.337Z\"}}], \"cna\": {\"source\": {\"discovery\": \"UNKNOWN\"}, \"impacts\": [{\"capecId\": \"CAPEC-126\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-126\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Honeywell\", \"product\": \"ControlEdge UOC\", \"versions\": [{\"status\": \"affected\", \"changes\": [{\"at\": \"520.2 TCU4 HF1\", \"status\": \"unaffected\"}], \"version\": \"520.2\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"520.2 TCU4\"}, {\"status\": \"affected\", \"changes\": [{\"at\": \"510.2 HF14\", \"status\": \"unaffected\"}], \"version\": \"510.1\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"510.2 HF13\"}, {\"status\": \"affected\", \"changes\": [{\"at\": \"520.1 TCU5\", \"status\": \"unaffected\"}], \"version\": \"520.1\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"520.1 TCU4\"}, {\"status\": \"affected\", \"changes\": [{\"at\": \"511.5 TCU4 HF4\", \"status\": \"unaffected\"}], \"version\": \"511.1\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"511.5 TCU4 HF3\"}], \"platforms\": [\"Experion PKS\"], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Honeywell\", \"product\": \"ControlEdge UOC\", \"versions\": [{\"status\": \"affected\", \"changes\": [{\"at\": \"520.2 TCU4 HF2\", \"status\": \"unaffected\"}], \"version\": \"520.2\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"520.2 TCU4\"}, {\"status\": \"affected\", \"changes\": [{\"at\": \"511.5 TCU4 HF4\", \"status\": \"unaffected\"}], \"version\": \"511.1\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"511.5 TCU4 HF3\"}, {\"status\": \"affected\", \"changes\": [{\"at\": \"520.1 TCU5\", \"status\": \"unaffected\"}], \"version\": \"520.1\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"520.1 TCU4\"}], \"platforms\": [\"Experion LX\"], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Honeywell\", \"product\": \"ControlEdge UOC\", \"versions\": [{\"status\": \"affected\", \"changes\": [{\"at\": \"520.2 TCU4 HF2\", \"status\": \"unaffected\"}], \"version\": \"520.2\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"520.2 TCU4\"}, {\"status\": \"affected\", \"changes\": [{\"at\": \"520.1 TCU5\", \"status\": \"unaffected\"}], \"version\": \"520.1\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"520.1 TCU4\"}, {\"status\": \"affected\", \"changes\": [{\"at\": \"511.5 TCU4 HF4\", \"status\": \"unaffected\"}], \"version\": \"520.2 TCU4 HFR2\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"511.5 TCU4 HF3\"}], \"platforms\": [\"PlantCruise by Experion\"], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://process.honeywell.com\"}, {\"url\": \"https://www.honeywell.com/us/en/product-security\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"An attacker could potentially exploit this vulnerability, leading to files being read from the Honeywell Experion ControlEdge VirtualUOC and ControlEdge UOC. This exploit could be used to read files from the controller that may expose limited information from the device. Honeywell recommends updating to the most recent version of the product.\\u00a0See Honeywell Security Notification for recommendations on upgrading and versioning.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"An attacker could potentially exploit this vulnerability, leading to files being read from the Honeywell Experion ControlEdge VirtualUOC and ControlEdge UOC. This exploit could be used to read files from the controller that may expose limited information from the device. Honeywell recommends updating to the most recent version of the product.\u0026nbsp;See Honeywell Security Notification for recommendations on upgrading and versioning.\\n\\n\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-36\", \"description\": \"CWE-36\"}]}], \"providerMetadata\": {\"orgId\": \"0dc86260-d7e3-4e81-ba06-3508e030ce8d\", \"shortName\": \"Honeywell\", \"dateUpdated\": \"2024-07-09T19:56:46.965Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-5390\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-29T15:03:38.086Z\", \"dateReserved\": \"2023-10-04T17:50:05.792Z\", \"assignerOrgId\": \"0dc86260-d7e3-4e81-ba06-3508e030ce8d\", \"datePublished\": \"2024-01-31T17:46:39.809Z\", \"assignerShortName\": \"Honeywell\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.