Remote Code Execution and Denial-of-Service Vulnerability in Honeywell Experion PKS Controllers

CVE-2021-38395 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to improper neutralization of special elements in output, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition.
