ICSA-24-116-04 · Published 2024-04-25 · View on CISA ICS-CERT ↗

Honeywell Experion PKS, Experion LX, PlantCruise by Experion, Safety Manager, Safety Manager SC

CVSS 9.1 CRITICAL

Risk Summary

Successful exploitation of these vulnerabilities could disclose sensitive information, allow privilege escalation, or allow remote code execution.

CVEs (16)

CVE-2023-5389 CVE-2023-5390 CVE-2023-5407 CVE-2023-5392 CVE-2023-5406 CVE-2023-5405 CVE-2023-5400 CVE-2023-5404 CVE-2023-5395 CVE-2023-5401 CVE-2023-5403 CVE-2023-5398 CVE-2023-5397 CVE-2023-5396 CVE-2023-5394 CVE-2023-5393

Remediations

Honeywell fixed the reported issues and advises users to upgrade to version referenced in the Security Notice or CVE record.

Affected Vendors

Honeywell

Affected Products (16)

Honeywell · Experion PKS <R510.2_HF14

Honeywell · Experion PKS <R511.5_TCU4_HF4

Honeywell · Experion PKS <R520.1_TCU5

Honeywell · Experion PKS <R520.2_TCU4_HF2

Honeywell · Experion LX <R511.5_TCU4_HF4

Honeywell · Experion LX <R520.1_TCU5

Honeywell · Experion LX <R520.2_TCU4_HF2

Honeywell · PlantCruise by Experion <R511.5_TCU4_HF4

Honeywell · PlantCruise by Experion <R520.1_TCU5

Honeywell · PlantCruise by Experion <R520.2_TCU4_HF2

Honeywell · Safety Manager R15x

Honeywell · Safety Manager >=R16x|<=R162.10

Honeywell · Safety Manager SC R210.X

Honeywell · Safety Manager SC R211.1

Honeywell · Safety Manager SC R211.2

Honeywell · Safety Manager SC R212.1

Affected Sectors

Chemical, Critical Manufacturing, Energy, Water and Wastewater Systems

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more