PatchSiren cyber security CVE debrief
CVE-2023-5392 Honeywell CVE debrief
CVE-2023-5392 is a HIGH severity information disclosure vulnerability affecting multiple Honeywell industrial control systems, including Experion PKS, Experion LX, PlantCruise by Experion, Safety Manager, and Safety Manager SC. Published on April 25, 2024, this vulnerability allows an attacker to extract more information from memory over the network than required when targeting the Experion controller, ControlEdge PLC, Safety Manager, or SMSC S300. The CVSS 3.1 score of 7.5 reflects network-based attack vector with low complexity, no privileges required, and high confidentiality impact. Honeywell has released patches for affected versions across all product lines, with specific upgrade paths available through their security notice.
- Vendor
- Honeywell
- Product
- Experion PKS
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-04-25
- Original CVE updated
- 2024-04-25
- Advisory published
- 2024-04-25
- Advisory updated
- 2024-04-25
Who should care
Organizations operating Honeywell Experion PKS, Experion LX, PlantCruise by Experion, Safety Manager, or Safety Manager SC systems in industrial environments, particularly those in critical infrastructure sectors including energy, manufacturing, chemical processing, and building automation where these control systems are deployed.
Technical summary
CVE-2023-5392 is an information disclosure vulnerability in Honeywell's industrial control system product suite. Successful exploitation enables an attacker to extract excessive memory information over the network from targeted controllers including the Experion controller, ControlEdge PLC, Safety Manager, and SMSC S300. The vulnerability is remotely exploitable without authentication (AV:N/AC:L/PR:N/UI:N), resulting in high confidentiality impact with no integrity or availability impact. Affected versions span multiple release trains: Experion PKS versions prior to R510.2_HF14, R511.5_TCU4_HF4, R520.1_TCU5, and R520.2_TCU4_HF2; Experion LX versions prior to R511.5_TCU4_HF4, R520.1_TCU5, and R520.2_TCU4_HF2; PlantCruise by Experion versions prior to R511.5_TCU4_HF4, R520.1_TCU5, and R520.2_TCU4_HF2; Safety Manager R15x and R16x through R162.10; and Safety Manager SC versions R210.X, R211.1, R211.2, and R212.1. Honeywell has issued patches and directs customers to Security Notice SN2024 for remediation guidance.
Defensive priority
HIGH
Recommended defensive actions
- Upgrade affected Honeywell systems to patched versions referenced in Honeywell Security Notice SN2024
- Apply network segmentation to isolate affected industrial control systems from untrusted networks
- Monitor network traffic for anomalous connections to Experion controllers, ControlEdge PLCs, Safety Managers, and SMSC S300 devices
- Review and implement CISA ICS recommended practices for defense-in-depth strategies
- Validate that memory access controls are properly configured on affected devices after patching
Evidence notes
Vulnerability allows memory information extraction over network from Experion controller, ControlEdge PLC, Safety Manager, or SMSC S300. Affects 16 specific product versions across Experion PKS, Experion LX, PlantCruise by Experion, Safety Manager, and Safety Manager SC product lines.
Official resources
-
CVE-2023-5392 CVE record
CVE.org
-
CVE-2023-5392 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2024-04-25