Honeywell Experion PKS, LX and PlantCruise

🗓️ 13 Jul 2023 00:00:00Reported by Industrial Control Systems Cyber Emergency Response TeamType

ics🔗 www.cisa.gov👁 29 Views

Honeywell Experion PKS, LX, and PlantCruise vulnerabilities found. Remote code execution, buffer overflows, and denial-of-service risk. Versions prior to R520.2 affected.

Reporter	Title	Published	Views	Family All 110
BDU FSTEC	The vulnerabilities of the microprogramming software for Honeywell Experion PKS programmable logic controllers, the measurement and computing controllers Experion LX, and the distribution control system Experion PlantCruise allow a intruder to execute arbitrary code.	27 Jul 202300:00	–	bdu_fstec
BDU FSTEC	The vulnerabilities of microprogrammed software in Honeywell Experion PKS programmable logic controllers, Honeywell Experion LX measurement and control controllers, and the Experion PlantCruise distribution control system allow a intruder to gain unauthorized access to protected information.	28 Jul 202300:00	–	bdu_fstec
BDU FSTEC	The vulnerabilities of the microprogramming software for Honeywell Experion PKS programmable logic controllers, the measurement and computing controllers Experion LX, and the distribution control system Experion PlantCruise allow a intruder to execute arbitrary code.	28 Jul 202300:00	–	bdu_fstec
BDU FSTEC	The vulnerabilities of the microprogramming software for Honeywell Experion PKS programmable logic controllers, the measurement and computing controllers Experion LX, and the distribution control system Experion PlantCruise allow a intruder to execute arbitrary code.	28 Jul 202300:00	–	bdu_fstec
BDU FSTEC	The vulnerabilities of the microprogrammed software in Honeywell Experion PKS programmable logic controllers, Honeywell Experion LX measurement and control controllers, and the Experion PlantCruise distribution control system allow a intruder to trigger malfunctions during maintenance operations.	28 Jul 202300:00	–	bdu_fstec
BDU FSTEC	The vulnerabilities of microprogramming software in Honeywell Experion PKS programmable logic controllers, Honeywell Experion LX measurement and control controllers, and the Experion PlantCruise distribution control system allow attackers to compromise the confidentiality, integrity, and accessibility of protected information.	28 Jul 202300:00	–	bdu_fstec
BDU FSTEC	The vulnerabilities of the microprogramming software for Honeywell Experion PKS programmable logic controllers, the measurement and computing controllers Experion LX, and the distribution control system Experion PlantCruise allow a intruder to execute arbitrary code.	28 Jul 202300:00	–	bdu_fstec
BDU FSTEC	The vulnerabilities of the microprogramming software for Honeywell Experion PKS programmable logic controllers, the measurement and computing controllers Experion LX, and the distribution control system Experion PlantCruise allow a intruder to execute arbitrary code.	28 Jul 202300:00	–	bdu_fstec
BDU FSTEC	The vulnerabilities of the microprogramming software for Honeywell Experion PKS programmable logic controllers, the measurement and computing controllers Experion LX, and the distribution control system Experion PlantCruise allow a intruder to execute arbitrary code.	31 Jul 202300:00	–	bdu_fstec
Circl	CVE-2023-22435	13 Jul 202314:52	–	circl

Source	Link
raw	www.raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2023/icsa-23-194-06.json
cisa	www.cisa.gov/news-events/ics-advisories/icsa-23-194-06
cisa	www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01
cisa	www.cisa.gov/resources-tools/resources/ics-recommended-practices
cisa	www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf
cisa	www.cisa.gov/topics/industrial-control-systems
us-cert	www.us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf
cisa	www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B

13 Jul 2023 00:00Current

9.4High risk

Vulners AI Score9.4

CVSS 3.19.8

EPSS0.006

SSVC