ICSA-23-194-06  ·  Published 2023-07-13  ·  View on CISA ICS-CERT ↗

Honeywell Experion PKS, LX and PlantCruise

CVSS 9.8 CRITICAL

Risk Summary

Successful exploitation of these vulnerabilities could cause a denial-of-service condition, allow privilege escalation or allow remote code execution.

Remediations

  • Honeywell recommends users upgrade Experion Platforms to version R520.2. Download information includes the following:
      • Experion PKS: Update to version R520.2
      • Experion LX: Update to version R520.2
      • Experion PlantCruise: Update to version R520.2
      • Go to the Honeywell Website and sign in.
      • Select "Support" at the top of the web page.
      • Select "Product Documents & Downloads."
      • In the given search box, search for: "Experion PKS R520.2", "Experion LX R520.2" or "Experion PlantCruise R520.2" and select the hyperlink for the given Experion platform.
  • Honeywell advises users to follow security best practices for Experion platform environments to ensure access is limited to authorized users only. Users should ensure the backup files are maintained in a network location or physical drive with access limited to authorized users only and should not share them.
  • Honeywell Security Notifications are available on the Honeywell website. For access, users should visit the Honeywell Website and sign in, select the search icon at the top of the web page, and search for "SN2023-06-22".

Affected Vendors

Honeywell

Affected Products (3)

Honeywell · Experion PKS < R520.2
Honeywell · Experion LX < R520.2
Honeywell · Experion PlantCruise < R520.2

Affected Sectors

Multiple
