Honeywell said that most of the critical and high-severity bugs, which arose from the Control Data Access component and affect Experion PKS offerings prior to R520.2 TCU9 Hot Fix 1 and R530 TCU3 Hot Fix 1, could be leveraged to facilitate remote code execution. A pair of high-severity flaws could be harnessed to enable denial-of-service attacks, and another medium-severity vulnerability could lead to incorrect system behavior. Honeywell urged immediate patching of the issues. All of the security defects were discovered and reported by Positive Technologies. "The vulnerabilities were found in network protocol handlers that lack identification and authentication functions. As a result, the only prerequisite for exploitation is access to the isolated segment," said Positive Technologies Industrial Control Systems Unit Lead Dmitry Sklyar.
Multiple Honeywell Experion PKS flaws addressed
Updates have been issued by Honeywell to fix half a dozen security issues impacting its Experion Process Knowledge System industrial process control and automation products used in critical infrastructure organizations worldwide, according to SecurityWeek.
