PatchSiren cyber security CVE debrief
CVE-2023-5395 Honeywell CVE debrief
CVE-2023-5395 is a high-severity vulnerability affecting multiple Honeywell industrial control systems, including Experion PKS, Experion LX, PlantCruise by Experion, Safety Manager, and Safety Manager SC. Published on April 25, 2024, this vulnerability allows an unauthenticated remote attacker to cause denial-of-service conditions or achieve remote code execution on Experion Servers or Stations by sending specially crafted network messages. The CVSS 3.1 score of 8.1 reflects high impact across confidentiality, integrity, and availability with network attack vector and high attack complexity. The broad product scope spans 16 affected product versions across Honeywell's distributed control system and safety instrumented system product lines, indicating significant exposure in critical infrastructure environments.
- Vendor
- Honeywell
- Product
- Experion PKS
- CVSS
- HIGH 8.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-04-25
- Original CVE updated
- 2024-04-25
- Advisory published
- 2024-04-25
- Advisory updated
- 2024-04-25
Who should care
Organizations operating Honeywell Experion distributed control systems or Safety Manager safety instrumented systems in critical infrastructure sectors including energy, chemicals, manufacturing, and process industries. Asset owners with unpatched versions should prioritize remediation due to remote exploitability and potential for both operational disruption (DoS) and compromise of control system integrity (RCE).
Technical summary
CVE-2023-5395 enables unauthenticated remote attackers to execute arbitrary code or cause denial-of-service conditions on Honeywell Experion Servers and Stations via specially crafted network messages. The vulnerability affects 16 product configurations across five product families: Experion PKS (versions below R510.2 HF14, R511.5 TCU4 HF4, R520.1 TCU5, R520.2 TCU4 HF2), Experion LX (versions below R511.5 TCU4 HF4, R520.1 TCU5, R520.2 TCU4 HF2), PlantCruise by Experion (versions below R511.5 TCU4 HF4, R520.1 TCU5, R520.2 TCU4 HF2), Safety Manager (R15x, R16x through R162.10), and Safety Manager SC (R210.X, R211.1, R211.2, R212.1). CVSS 3.1 vector AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H indicates network attack vector, high attack complexity, no privileges required, and high impact across confidentiality, integrity, and availability. Honeywell has released patches; users should upgrade to fixed versions per Security Notice SN2024.
Defensive priority
critical
Recommended defensive actions
- Apply Honeywell security updates referenced in Security Notice SN2024 to all affected Experion PKS, Experion LX, PlantCruise, Safety Manager, and Safety Manager SC systems
- Implement network segmentation to isolate affected Honeywell systems from untrusted networks
- Monitor for anomalous network traffic targeting Experion Servers and Stations
- Review and apply CISA ICS recommended practices for defense-in-depth strategies
- Validate that safety instrumented systems (Safety Manager, Safety Manager SC) have appropriate compensating controls during patch windows
Evidence notes
CVE published 2024-04-25; CISA ICS advisory ICSA-24-116-04 issued same date. No KEV listing as of source publication. Affected products confirmed through CSAF product tree with 16 distinct product IDs spanning Experion PKS versions below R510.2 HF14, R511.5 TCU4 HF4, R520.1 TCU5, R520.2 TCU4 HF2; Experion LX versions below R511.5 TCU4 HF4, R520.1 TCU5, R520.2 TCU4 HF2; PlantCruise by Experion versions below R511.5 TCU4 HF4, R520.1 TCU5, R520.2 TCU4 HF2; Safety Manager R15x and R16x through R162.10; and Safety Manager SC R210.X, R211.1, R211.2, and R212.1.
Official resources
-
CVE-2023-5395 CVE record
CVE.org
-
CVE-2023-5395 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2024-04-25