Experion server
This hub aggregates every CVE we track for Experion server, a product in the ICS/OT/IoT space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 17
- Critical: 2
- High: 12
- In CISA KEV: 0
Severity distribution: HIGH 12, MEDIUM 3, CRITICAL 2
Monthly trend, 2024-07 to 2026-06: 0 in every month shown.
Latest CVEs
The 15 most recently published vulnerabilities affecting Experion server.
- CVE-2023-5406: Server communication with a controller can lead to remote code execution using a specially crafted message from the controller. See Honeywell Security Notification for recommendations on upgrading... (score 5.9)
- CVE-2023-5405: Server information leak for the CDA Server process memory can occur when an error is generated in response to a specially crafted message. See Honeywell Security Notification for recommendations o... (score 5.9)
- CVE-2023-5404: Server receiving a malformed message can cause a pointer to be overwritten which can result in a remote code execution or failure. See Honeywell Security Notification for recommendations on upgrad... (score 8.1)
- CVE-2023-5403: Server hostname translation to IP address manipulation which could lead to an attacker performing remote code execution or causing a failure. See Honeywell Security Notification for recommendation... (score 8.1)
- CVE-2023-5401: Server receiving a malformed message based on a using the specified key values can cause a stack overflow vulnerability which could lead to an attacker performing remote code execution or causing a... (score 8.1)
- CVE-2023-5400: Server receiving a malformed message based on a using the specified key values can cause a heap overflow vulnerability which could lead to an attacker performing remote code execution or causing a ... (score 8.1)
- CVE-2023-5398: Server receiving a malformed message based on a list of IPs resulting in heap corruption causing a denial of service. See Honeywell Security Notification for recommendations on upgrading and versi... (score 5.9)
- CVE-2023-5397: Server receiving a malformed message to create a new connection could lead to an attacker performing remote code execution or causing a failure. See Honeywell Security Notification for recommendat... (score 8.1)
- CVE-2023-5396: Server receiving a malformed message creates connection for a hostname that may cause a stack overflow resulting in possible remote code execution. See Honeywell Security Notification for recommen... (score 7.4)
- CVE-2023-5395: Server receiving a malformed message that uses the hostname in an internal table may cause a stack overflow resulting in possible remote code execution. See Honeywell Security Notification for rec... (score 8.1)
- CVE-2023-5394: Server receiving a malformed message that where the GCL message hostname may be too large which may cause a stack overflow; resulting in possible remote code execution. Honeywell recommends updati... (score 7.4)
- CVE-2023-5393: Server receiving a malformed message that causes a disconnect to a hostname may cause a stack overflow resulting in possible remote code execution. Honeywell recommends updating to the most recen... (score 7.4)
- CVE-2023-25948: Server Data type confusion - info leak (score 7.5)
- CVE-2023-25078: DoS due to heap overflow (score 9.8)
- CVE-2023-24474: Server deserialization missing boundary checks - heap overflow in communication between server and controller (score 7.5)
Product normalization is registry-driven with AI assist and human review.