TechCrunch reports that nine security vulnerabilities in Honeywell's Experion distributed control system products could be leveraged to disrupt critical infrastructure organizations, particularly those in the oil and gas sector.
Attackers with network access could exploit the seven critical flaws to execute unauthorized code remotely on Honeywell servers and controllers, noted Armis researchers, who discovered the security bugs.
"Worst-case scenarios you can think of from a business perspective are complete outages and a lack of availability. But there's worse scenarios than that, including safety issues that can impact human lives," said Armis Chief Information Security Officer Curtis Simpson.
Honeywell has already released patches for its Experion Process Knowledge System, PlantCruise, and LX platforms, as well as its C300 DCS Controller, after being alerted to the flaws.
"There are no known exploits of this vulnerability at this time. Experion C300 owners should continue to isolate and monitor their process control network and apply available patches as soon as possible," said Honeywell spokesperson Caitlin Leopold.
VulnCheck found that nearly 12,000 internet-facing Juniper firewall devices are impacted by a new medium-severity remote code execution vulnerability, which could be exploited to execute arbitrary code without the need to create a file, The Hacker News reports.