Honeywell C300 Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Honeywell C300 Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2021-38397 — CVSS 10.0 (critical): Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to unrestricted file uploads, which may allow an attacker to…
CVE-2023-24480 — CVSS 9.8 (critical): Controller DoS due to stack overflow when decoding a message from the server. See Honeywell Security Notification for recommendations on…
CVE-2023-25178 — CVSS 9.8 (critical): Controller may be loaded with malicious firmware which could enable remote code execution. See Honeywell Security Notification for…
CVE-2023-25770 — CVSS 9.8 (critical): Controller DoS may occur due to buffer overflow when an error is generated in response to a specially crafted message. See Honeywell…
CVE-2021-38395 — CVSS 9.1 (critical): Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to improper neutralization of special elements in output…
CVE-2023-26597 — CVSS 7.5 (high): Controller DoS due to buffer overflow in the handling of a specially crafted message received by the controller. See Honeywell Security…
CVE-2021-38399 — CVSS 7.5 (high): Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to relative path traversal, which may allow an attacker access…