PatchSiren cyber security CVE debrief
CVE-2023-5390 Honeywell CVE debrief
CVE-2023-5390 is a medium-severity vulnerability (CVSS 5.3) affecting multiple Honeywell industrial control systems including Experion PKS, Experion LX, PlantCruise by Experion, Safety Manager, and Safety Manager SC. Published on April 25, 2024, this vulnerability could allow an attacker to read from Experion controllers or SMSC S300 devices, potentially exposing limited information from the device through file read operations. The vulnerability impacts 16 distinct product versions across Honeywell's industrial automation portfolio, spanning multiple release trains of their distributed control and safety systems. Honeywell has released fixes for all affected versions and advises users to upgrade to the patched versions referenced in their Security Notice.
- Vendor: Honeywell
- Product: Experion PKS
- CVSS: MEDIUM 5.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-04-25
- Original CVE updated: 2024-04-25
- Advisory published: 2024-04-25
- Advisory updated: 2024-04-25
Who should care
Organizations operating Honeywell Experion distributed control systems or Safety Manager safety instrumented systems in critical infrastructure sectors, including oil and gas, chemicals, power generation, and manufacturing. Asset owners running unpatched versions should prioritize remediation because the information disclosure is reachable over the network and exposes data from industrial controllers.
Technical summary
CVE-2023-5390 is an information disclosure vulnerability in Honeywell's industrial control system product suite. The vulnerability allows network-based attackers to read files from Experion controllers and SMSC S300 safety controllers without authentication. Successful exploitation exposes limited device information but does not permit code execution or system modification. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) indicates network accessibility, low attack complexity, no privilege requirements, and low confidentiality impact. Affected systems span multiple version branches: Experion PKS releases prior to R510.2 HF14, R511.5 TCU4 HF4, R520.1 TCU5, and R520.2 TCU4 HF2; Experion LX and PlantCruise versions prior to equivalent patch levels; Safety Manager R15x and R16x through R162.10; and Safety Manager SC versions R210.X through R212.1. Honeywell has addressed the vulnerability through security updates available via their technical publication system.
Defensive priority
medium
Recommended defensive actions
- Apply vendor-supplied patches by upgrading to the fixed versions specified in Honeywell Security Notice SN2024 for all affected Experion PKS, Experion LX, PlantCruise by Experion, Safety Manager, and Safety Manager SC
- Implement network segmentation to restrict access to Experion controllers and SMSC S300 devices from untrusted networks
- Monitor for unauthorized read operations or anomalous file access attempts on affected Honeywell industrial control systems
- Review and apply CISA ICS recommended practices for defense-in-depth strategies in industrial control environments
- Validate that safety instrumented systems (SIS) and safety manager deployments follow vendor hardening guidance
Evidence notes
Vulnerability details sourced from CISA CSAF advisory ICSA-24-116-04. Affected product list includes 16 specific versioned products across five Honeywell product families. CVSS 3.1 vector confirms network-accessible, low-complexity attack with no privileges required. Remediation guidance directs users to Honeywell Security Notice SN2024 for specific patch versions.
Official resources
- CVE-2023-5390 CVE record (CVE.org)
- CVE-2023-5390 NVD detail (NVD)
- Source item URL: cisa_csaf
2024-04-25