Honeywell Trend Controls Inter-Controller Protocol

Risk Summary

Successful exploitation of this vulnerability could cause the loss of authentication information in cleartext by sniffing network traffic.

CVEs (1)

Remediations

• Procure and utilize currently supported hardware through reputable supply channels.
• Apply product updates as available.
• Follow guidance in the product security manual to ensure isolation of network segments upon which building automation controllers reside.
• Ensure adequate security controls are in place between OT and IT network segments.
• Disable unnecessary accounts and services.
• Restrict system access to authorized personnel only and follow a least privilege approach.
• Apply defense-in-depth strategies.
• Log and monitor network traffic for suspicious activity.
• For IQ4 Series controllers, ensure the latest available firmware version is utilized. The latest firmware may be obtained from a dealer or the Trend Partner Network (login required).
• Follow the Security Best Practice for Trend Products included with product documentation. Additional copies may be obtained from a dealer or the Trend Partner Network (login required).

Affected Vendors

Affected Products (1)

Affected Sectors

Multiple