Vulnerability Management, Threat Management

ISA warns about Honeywell Experion controller vulnerabilities

The Cybersecurity and Infrastructure Security Agency has reported that all versions of Honeywell Experion Process Knowledge System C200, C200E, C300, and ACE controllers contained various security flaws that could enable remote code execution and denial-of-service conditions if exploited, according to The Hacker News.

Users with the affected devices have been urged to immediately apply updates or patches.

"A Control Component Library (CCL) may be modified by a bad actor and loaded to a controller such that malicious code is executed by the controller," said Honeywell in a prior notification about the vulnerabilities, discovered and reported by Claroty researchers Nadav Erez and Rei Henigman.

Claroty noted that the security flaws stemmed from the download code procedure needed for programming the controller logic, which could allow arbitrary CLL binary file uploading.

"The device then loads the executables without performing checks or sanitization, giving an attacker the ability to upload executables and run unauthorized native code remotely without authentication," said Erez and Henigman.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.