CISA (Cybersecurity & Infrastructure Security Agency) has shared an ICS (Industrial Control Systems) advisory regarding several vulnerabilities present in Honeywell products, including Experion PKS, Experion LX, PlantCruise by Experion, Safety Manager, and Safety Manager SC.
The advisory outlines multiple vulnerabilities which could lead to remote code execution, privilege escalation, and sensitive information disclosure. The Honeywell product vulnerabilities are described as affecting the chemical, critical manufacturing, energy, water and wastewater systems critical-infrastructure industries worldwide.
Honeywell has released updates addressing these vulnerabilities, and CISA advises users to upgrade to the recommended versions to mitigate risks.
CISA-Listed Honeywell Product Vulnerabilities of High Severity
The ICS (Industrial Control Systems) Advisory listed vulnerabilities of varying types of medium to high severity:
Exposed Dangerous Method or Function (CWE-749):
CVE-2023-5389 (CVSS v4 Base Score: 8.8) could be exploited to allow attackers to modify files on Experion controllers or SMSC S300, potentially leading to unexpected behavior or execution of malicious applications.
Absolute Path Traversal (CWE-36):
CVE-2023-5390 (CVSS v4 Base Score: 6.9) allows attackers to read files from Experion controllers or SMSC S300, exposing limited information from the device.
Stack-based Buffer Overflow (CWE-121):
CVE-2023-5407 (CVSS v4 Base Score: 8.3) could enable attackers to induce denial-of-service conditions or perform remote code execution on Experion controllers, ControlEdge PLC, Safety Manager, or SMSC S300 through crafted messages.
CVE-2023-5395, CVE-2023-5401 and CVE-2023-5403 (CVSS v4 Base Score: 9.2) could be used for similar attacks on Experion Servers and Stations.
Binding to an Unrestricted IP Address (CWE-1327):
CVE-2023-5398 (CVSS v4 Base Score: 8.7) in Experion Servers or Stations could attackers attacker to induce a denial-of-service condition using specially crafted messages over the host network.
Debug Messages Revealing Unnecessary Information (CWE-1295):
CVE-2023-5392 (CVSS v4 Base Score: 8.7) could be exploited to allow for further extraction of information than required from memory over the network.
Out-of-bounds Write (CWE-787):
CVE-2023-5406 (CVSS v4 Base Score: 8.2) could lead to attacker controlled manipulation of messages from controllers for denial-of-service or remote code execution over host networks.
CVE-2023-5405 (CVSS v4 Base Score: 6.9) exploitation of this vulnerability in Experion Servers or Stations could result in information leaks during error generation.
Heap-based Buffer Overflow (CWE-122):
CVE-2023-5400, CVE-2023-5404 (CVSS v4 Base Score: 9.2) both vulnerabilities present in Experion Servers or Stations, could allow for denial-of-service attacks or remote code execution via crafted messages.
Improper Input Validation (CWE-20):
CVE-2023-5397 (CVSS v4 Base Score: 9.2) enables denial-of-service or remote code execution via specially crafted messages.
Buffer Access with Incorrect Length Value (CWE-805):
CVE-2023-5396 (CVSS v4 Base Score: 8.3) enables denial-of-service or remote code execution via specially crafted messages.
Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119):
CVE-2023-5394 (CVSS v4 Base Score: 8.3) in Experion servers or stations enables denial-of-service or remote code execution via specially crafted messages.
Improper Handling of Length Parameter Inconsistency (CWE-130):
CVE-2023-5393 (CVSS v4 Base Score: 9.2) in Experion servers or stations allows for denial-of-service or remote code execution via specially crafted messages.
CISA Shares Mitigations for Honeywell Product Vulnerabilities
CISA has advised affected Honeywell customers to immediately upgrade to the fixed versions of the software referenced in the official Security Notice.
CISA additionally recommends users to take action to mitigate the risk of exploitation of the Honeywell product vulnerabilities, such as ensuring proper user privilege restrictions, minimizing network exposure or segmenting networks and remote devices behind firewalls to isolate them from enterprise networks.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
Leave a Reply