Vulnerability Details CVE-2021-38399
Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to relative path traversal, which may allow an attacker access to unauthorized files and directories.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 33.1%
CVSS Severity
CVSS v3 Score 7.5
References
- https://www.cisa.gov/uscert/ics/advisories/icsa-21-278-04
- https://www.honeywellprocess.com/library/support/notifications/Customer/SN2021-02-22-01-Experion-C300-CCL.pdf
- https://www.cisa.gov/uscert/ics/advisories/icsa-21-278-04
- https://www.honeywellprocess.com/library/support/notifications/Customer/SN2021-02-22-01-Experion-C300-CCL.pdf
Products affected by CVE-2021-38399
-
cpe:2.3:h:honeywell:application_control_environment:-
-
cpe:2.3:h:honeywell:c200:-
-
cpe:2.3:h:honeywell:c200e:-
-
cpe:2.3:h:honeywell:c300:-
-
cpe:2.3:o:honeywell:application_control_environment_firmware:-
-
cpe:2.3:o:honeywell:c200_firmware:-
-
cpe:2.3:o:honeywell:c200e_firmware:-
-
cpe:2.3:o:honeywell:c300_firmware:-