ICSA-16-301-01 · Published 2025-06-05
Honeywell Experion PKS Improper Input Validation Vulnerability
CVSS 3.7 (LOW)
CVEs (1)
Remediations
- Honeywell recommends that Experion users download and apply the appropriate patch to protect themselves from this vulnerability.
- Honeywell’s software downloads to resolve the vulnerabilities include the following: R400.8 HOTFIX1, R410.8 HOTFIX6, R430.5 HOTFIX1, and R431.2 HOTFIX2.
- In the event that a patch is not yet available for a current Experion release, Honeywell recommends users either isolate the network traffic when using the client tools (eNAP Server service) or turn the eNAP Server service off when not uploading new firmware until a patch is available.
- Users can contact Honeywell technical support for registration and installation instructions for these patches at the following URLs: https://www.honeywellprocess.com/en-US/support/pages/request-support.aspx and https://www.honeywellprocess.com/en-US/contact-us/pages/default.aspx
Affected Vendors
Honeywell
Affected Products (5)
- Honeywell · Experion PKS <=3xx
- Honeywell · Experion PKS 400
- Honeywell · Experion PKS 410
- Honeywell · Experion PKS 430
- Honeywell · Experion PKS 431