CVE-2021-38397 Information

Description

Honeywell Experion PKS C200 C200E C300 and ACE controllers are vulnerable to unrestricted file uploads which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition.

Reference

https://www.honeywellprocess.com/library/support/notifications/Customer/SN2021-02-22-01-Experion-C300-CCL.pdf https://www.cisa.gov/uscert/ics/advisories/icsa-21-278-04