{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-11T07:36:37.948","vulnerabilities":[{"cve":{"id":"CVE-2021-38395","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2022-10-28T02:15:16.857","lastModified":"2024-11-21T06:16:59.503","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to improper neutralization of special elements in output, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition."},{"lang":"es","value":"Los controladores Honeywell Experion PKS C200, C200E, C300 y ACE son vulnerables a una neutralización inadecuada de elementos especiales en la salida, lo que puede permitir a un atacante ejecutar código arbitrario de forma remota y provocar una condición de Denegación de Servicio."}],"metrics":{"cvssMetricV31":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-74"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-74"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:honeywell:c200_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"89205AE1-0EE7-4665-8FE6-5312EAD5FB2D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:honeywell:c200:-:*:*:*:*:*:*:*","matchCriteriaId":"B3F154A3-2438-4420-8B6E-E0521376714E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:honeywell:c200e_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"3B06800D-443D-4237-8E91-98735E5EA148"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:honeywell:c200e:-:*:*:*:*:*:*:*","matchCriteriaId":"6ACB0AD6-5A19-4DEC-9F47-03EC6FA80AC0"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:honeywell:c300_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"7C79B7D1-630B-4723-BFCA-66F03F93D1FB"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:honeywell:c300:-:*:*:*:*:*:*:*","matchCriteriaId":"CEA14D67-E320-490E-92E6-CC135EBBA245"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:honeywell:application_control_environment_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"83F4F4B6-E05B-43B9-96ED-02919E42AFCC"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:honeywell:application_control_environment:-:*:*:*:*:*:*:*","matchCriteriaId":"7C79B55A-11AB-441E-A544-9678616E9BA4"}]}]}],"references":[{"url":"https://www.cisa.gov/uscert/ics/advisories/icsa-21-278-04","source":"ics-cert@hq.dhs.gov","tags":["Mitigation","Third Party Advisory","US Government Resource"]},{"url":"https://www.honeywellprocess.com/library/support/notifications/Customer/SN2021-02-22-01-Experion-C300-CCL.pdf","source":"ics-cert@hq.dhs.gov","tags":["Product"]},{"url":"https://www.cisa.gov/uscert/ics/advisories/icsa-21-278-04","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Third Party Advisory","US Government Resource"]},{"url":"https://www.honeywellprocess.com/library/support/notifications/Customer/SN2021-02-22-01-Experion-C300-CCL.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Product"]}]}}]}