Date: 2025-08-01

Vulnerability Management, Critical Infrastructure Security

Multiple Honeywell Experion PKS flaws addressed

Matrikon Honeywell is one of three IoT vendors that faced vulnerabilities in their process to implement the open platform communication (OPC) network protocol ahead of a 2020 fix. (Spencer Platt/Getty Images)


Updates have been issued by Honeywell to fix half a dozen security issues impacting its Experion Process Knowledge System industrial process control and automation products used in critical infrastructure organizations worldwide, according to SecurityWeek.

Most of the critical and high-severity bugs in Honeywell Experion PKS offerings prior to R520.2 TCU9 Hot Fix 1 and R530 TCU3 Hot Fix 1, which arose from the Control Data Access component, could be leveraged to facilitate remote code execution. A pair of high-severity flaws and another medium-severity vulnerability could be harnessed to enable denial-of-service attacks and incorrect system behavior, respectively, said Honeywell, which urged immediate patching of the issues.

All of the security defects were discovered and reported by Positive Technologies. "The vulnerabilities were found in network protocol handlers that lack identification and authentication functions. As a result, the only prerequisite for exploitation is access to the isolated segment," said Positive Technologies Industrial Control Systems Unit Lead Dmitry Skylar.
