Heimdal Security Blog

Honeywell Critical Vulnerabilities in Experion Process Knowledge System and ACE Controllers

CISA issued an advisory this Tuesday about critical vulnerabilities in Honeywell products. If exploited, they could lead to remote code execution (RCE) and denial-of-service (DoS) attacks. The flaws affect the C200, C200E and C300 versions of the Honeywell Experion Process Knowledge System, and also ACE controllers.

Honeywell Critical Vulnerabilities: More Details

The vulnerabilities were discovered and reported by two researchers from the cybersecurity company Claroty, Rei Henigman and Nadav Erez.

According to a report published by the two researchers, the CVEs are:

It has a score of 10.0; products impacted by this unrestricted file upload flaw could be exposed to RCE and DoS.

This is related to incorrect output neutralization of special components, which also leads to remote code execution and denial of service.

A relative path traversal flaw makes the impacted devices vulnerable. Successful exploitation could give attackers unauthorized access to files and directories.

The researchers also shared more details on how an attack might happen:

In the case of the Experion PKS, Team82 found that it is possible to mimic the download code procedure and use these requests to upload arbitrary DLL/ELF files (for simulators and controllers, respectively). The device then loads the executables without performing checks or sanitization, giving an attacker the ability to upload executables and run unauthorized native code remotely without authentication.

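The missing "checks or sanitization" step can be pictured as a gate in front of the loader. The sketch below is an added example, not Honeywell's or Team82's code: it rejects module names that traverse out of a library directory and modules whose SHA-256 digest is not on an allowlist. The directory, file names and module bytes are constructed for illustration, and a production design would typically verify a vendor signature rather than a static hash list.

```python
import hashlib
import posixpath

LIB_ROOT = "/opt/controller/lib"  # hypothetical directory the loader may read from

# Constructed sample module and its allowlist entry (relative path -> SHA-256).
GOOD_MODULE = b"constructed control module v1"
ALLOWLIST = {"ctrl/block.so": hashlib.sha256(GOOD_MODULE).hexdigest()}


def resolve_in_root(name, root=LIB_ROOT):
    """Return the normalised path for `name`, or None if it leaves `root`."""
    unified = name.replace("\\", "/")  # DLL names may arrive with backslashes
    if unified.startswith("/") or unified[1:2] == ":":
        return None  # absolute POSIX path or Windows drive letter
    target = posixpath.normpath(posixpath.join(root, unified))
    if not target.startswith(root + "/"):
        return None  # "../" sequences walked out of the library directory
    return target


def check_module(name, data, allowlist=ALLOWLIST, root=LIB_ROOT):
    """Decide whether an uploaded module may be handed to the loader."""
    target = resolve_in_root(name, root)
    if target is None:
        return (False, "path outside library directory")
    rel = target[len(root) + 1:]  # allowlist is keyed by the normalised relative path
    expected = allowlist.get(rel)
    if expected is None:
        return (False, "module not on allowlist")
    if hashlib.sha256(data).hexdigest() != expected:
        return (False, "digest mismatch")
    return (True, target)


if __name__ == "__main__":
    # Constructed requests: two acceptable, four that must be refused.
    for name, data in [
        ("ctrl/block.so", GOOD_MODULE),
        ("ctrl/./block.so", GOOD_MODULE),
        ("ctrl/block.so", b"modified bytes"),
        ("ctrl/new.so", GOOD_MODULE),
        ("../../etc/block.so", GOOD_MODULE),
        ("ctrl\\..\\..\\block.dll", GOOD_MODULE),
    ]:
        print(name, check_module(name, data))
```

Running the check on the normalised path, not the raw name, is what makes both the path test and the allowlist lookup reliable.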

What Devices Are Impacted?

According to the security advisory mentioned at the beginning, the impacted Honeywell Experion products are:

Experion Process Knowledge System (PKS) is a distributed control system (DCS). It is used to monitor and control industrial processes across various industries.

Mitigation Measures

Following the discovery of the Honeywell critical vulnerabilities, the mitigation measures CISA recommends in the advisory are:

It is also worth mentioning the guidance Honeywell recommends: the Experion Network and Security Planning Guide.

A support document the company published back in February also includes mitigation measures for these vulnerabilities.