Advisory

Honeywell releases patch for critical vulnerabilities in Experion DCS Platforms

Take action: Critical infrastructure systems are increasingly a focus of both researchers and attackers. This is another very complex patch for a production environment. Isolate the DCS platform's network, but plan for a patch effort.



Honeywell reports a set of nine newly discovered vulnerabilities in Honeywell Experion® DCS platforms, including seven critical flaws.

These vulnerabilities could potentially enable unauthorized remote code execution on legacy versions of Honeywell servers and controllers.

Exploiting these vulnerabilities could allow an attacker to gain control over the devices, manipulate the DCS controller's operation, and conceal these alterations from the engineering workstation responsible for managing the controller.

Network access to the targeted devices is all that is required for exploitation. No authentication is needed to perform the attack.

Furthermore, compromised IT, IoT, and OT assets within the same network as the DCS devices could be utilized for an attack.

Honeywell has already released security patches and strongly advises affected customers to apply them immediately. A CISA advisory regarding these vulnerabilities is expected to be published today.
