Multiple Critical Flaws Discovered in Honeywell Experion PKS and ACE Controllers


The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday released an advisory regarding multiple security vulnerabilities affecting all versions of Honeywell Experion Process Knowledge System C200, C200E, C300, and ACE controllers that could be exploited to achieve remote code execution and denial-of-service (DoS) conditions.

“A Control Component Library (CCL) may be modified by a bad actor and loaded to a controller such that malicious code is executed by the controller,” Honeywell noted in an independent security notification published earlier this February. Credited with discovering and reporting the flaws are Rei Henigman and Nadav Erez of industrial cybersecurity firm Claroty.
