PatchSiren cyber security CVE debrief
CVE-2023-5396 Honeywell CVE debrief
CVE-2023-5396 is a high-severity vulnerability affecting multiple Honeywell industrial control system product lines: Experion PKS, Experion LX, PlantCruise by Experion, Safety Manager, and Safety Manager SC. Published on April 25, 2024, it could allow an unauthenticated attacker to cause a denial of service on, or achieve remote code execution against, Experion Servers or Stations by sending specially crafted network messages. The CVSS 3.1 base score of 7.4 reflects a network attack vector with no privileges required and high impact on integrity and availability (no confidentiality impact), moderated by high attack complexity; this is consistent with a vector of AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H. Honeywell has released security updates and advises customers to upgrade to the patched versions referenced in its security notice.
- Vendor: Honeywell
- Product: Experion PKS (primary entry; the summary lists the other affected product lines)
- CVSS: 7.4 (HIGH)
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-04-25
- Original CVE updated: 2024-04-25
- Advisory published: 2024-04-25
- Advisory updated: 2024-04-25
Who should care
Organizations operating Honeywell Experion PKS, Experion LX, PlantCruise, Safety Manager, or Safety Manager SC systems in industrial environments, particularly in critical infrastructure sectors such as energy, chemical manufacturing, and process industries where these systems are commonly deployed.
Technical summary
This vulnerability affects Honeywell's Experion Process Knowledge System (PKS) family and the Safety Manager platforms. Successful exploitation against Experion Servers or Stations lets an unauthenticated attacker cause a denial of service or execute arbitrary code remotely by sending specially crafted network messages. The affected version ranges span several product lines and release trains:
- Experion PKS: versions prior to R510.2 HF14, R511.5 TCU4 HF4, R520.1 TCU5, and R520.2 TCU4 HF2
- Experion LX: versions prior to R511.5 TCU4 HF4, R520.1 TCU5, and R520.2 TCU4 HF2
- PlantCruise by Experion: versions prior to R511.5 TCU4 HF4, R520.1 TCU5, and R520.2 TCU4 HF2
- Safety Manager: R15x and R16x through R162.10
- Safety Manager SC: R210.X, R211.1, R211.2, and R212.1
Honeywell has addressed these issues in the releases named above and advises customers to consult Security Notice SN2024 for the specific upgrade path for each product line.
Defensive priority
high
Recommended defensive actions
- Upgrade affected Honeywell systems to the fixed releases listed in the technical summary and in Honeywell Security Notice SN2024; record the installed release, TCU and HF level of every Experion Server and Station before and after the upgrade so that nothing is left on an affected build
- Segment Experion Servers and Stations from untrusted networks so that only authorised hosts in the control zone can reach them; the stated attack vector is an unauthenticated network message, so reachability is the exposure to reduce first
- Monitor for anomalous or malformed network traffic directed at Experion systems, and treat unexplained Server or Station crashes or restarts as possible exploitation attempts, since denial of service is one of the stated outcomes
- Review and implement CISA ICS recommended practices for defense-in-depth
- Contact Honeywell support for assistance with upgrade planning if running affected versions
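The first practical step behind the upgrade action is to find which inventoried systems are still on an affected build, which means comparing release, TCU and HF levels against the thresholds quoted in the technical summary. The following is an added example and is not Honeywell's, CISA's or PatchSiren's code. It encodes the affected-version list from this page and classifies inventory rows as AFFECTED, FIXED or UNLISTED. It assumes that the inventory reports Experion versions in the form "R520.2 TCU4 HF2" (release, optional TCU, optional HF) and Safety Manager versions as "R162.10", that builds within one release train order as the (TCU, HF) pair with a missing component counting as 0, and that a train the advisory does not name is flagged for manual checking rather than guessed at; the asset names and inventory rows are constructed sample data.

```python
"""Triage an asset inventory against the CVE-2023-5396 affected-version list.

Added example, not vendor code. Assumptions (not from the advisory):
  * versions are reported as "R<major>.<minor>[ TCU<n>][ HF<n>]";
  * within one release train, builds order as the tuple (TCU, HF),
    with a missing TCU or HF counting as 0;
  * trains the advisory does not name are reported as UNLISTED.
"""
import re
from typing import Dict, List, Tuple

# First fixed build per release train, keyed by (major, minor) of the train,
# value (TCU, HF). Taken from the affected ranges quoted in the summary.
EXPERION_FIXED: Dict[str, Dict[Tuple[int, int], Tuple[int, int]]] = {
    "Experion PKS": {
        (510, 2): (0, 14),   # R510.2 HF14
        (511, 5): (4, 4),    # R511.5 TCU4 HF4
        (520, 1): (5, 0),    # R520.1 TCU5
        (520, 2): (4, 2),    # R520.2 TCU4 HF2
    },
    "Experion LX": {(511, 5): (4, 4), (520, 1): (5, 0), (520, 2): (4, 2)},
    "PlantCruise by Experion": {(511, 5): (4, 4), (520, 1): (5, 0), (520, 2): (4, 2)},
}

# Safety Manager: R15x and R16x through R162.10 are affected.
SM_LAST_AFFECTED = (162, 10)
# Safety Manager SC: explicit affected versions; R210.X means any R210 minor.
SMSC_AFFECTED_TRAINS = {210}
SMSC_AFFECTED_EXACT = {(211, 1), (211, 2), (212, 1)}

_VER = re.compile(r"^R(\d+)\.(\d+)(?:\s+TCU(\d+))?(?:\s+HF(\d+))?$")


def parse_version(text: str) -> Tuple[int, int, int, int]:
    """Return (major, minor, tcu, hf); raise ValueError on an unexpected format."""
    m = _VER.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, tcu, hf = m.groups()
    return int(major), int(minor), int(tcu or 0), int(hf or 0)


def classify(product: str, version: str) -> str:
    """Return 'AFFECTED', 'FIXED' or 'UNLISTED' for one inventory row."""
    major, minor, tcu, hf = parse_version(version)
    if product in EXPERION_FIXED:
        fixed = EXPERION_FIXED[product].get((major, minor))
        if fixed is None:
            return "UNLISTED"          # train not named for this product: check SN2024
        return "FIXED" if (tcu, hf) >= fixed else "AFFECTED"
    if product == "Safety Manager":
        # R15x/R16x through R162.10 affected; later builds on those trains are
        # taken as fixed (reading of "through" in the advisory).
        if 150 <= major <= 169:
            return "AFFECTED" if (major, minor) <= SM_LAST_AFFECTED else "FIXED"
        return "UNLISTED"
    if product == "Safety Manager SC":
        # Only an explicit affected list is given here, so no FIXED verdict.
        if major in SMSC_AFFECTED_TRAINS or (major, minor) in SMSC_AFFECTED_EXACT:
            return "AFFECTED"
        return "UNLISTED"
    return "UNLISTED"


# Constructed sample inventory (asset, product, reported version); not real data.
SAMPLE_INVENTORY: List[Tuple[str, str, str]] = [
    ("ESVT-01", "Experion PKS", "R520.2 TCU4 HF1"),
    ("ESVT-02", "Experion PKS", "R520.2 TCU4 HF2"),
    ("ESVT-03", "Experion LX", "R511.5 TCU3"),
    ("SM-01", "Safety Manager", "R162.10"),
    ("SMSC-01", "Safety Manager SC", "R211.3"),
]


def triage(inventory: List[Tuple[str, str, str]]) -> List[Tuple[str, str, str, str]]:
    """Return (asset, product, version, status) for every row not verified FIXED."""
    out = []
    for asset, product, version in inventory:
        status = classify(product, version)
        if status != "FIXED":
            out.append((asset, product, version, status))
    return out


if __name__ == "__main__":
    for row in triage(SAMPLE_INVENTORY):
        print("%-8s %-24s %-18s %s" % row)
```

Rows reported as UNLISTED are the ones to take to Honeywell support or the security notice; the script deliberately does not infer a fixed status for a release train the advisory never names.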
Evidence notes
CISA published advisory ICSA-24-116-04 on April 25, 2024, documenting this vulnerability across 16 affected product configurations. The advisory confirms Honeywell has developed fixes and recommends upgrading to specified versions.
Official resources
- CVE-2023-5396 CVE record (CVE.org)
- CVE-2023-5396 NVD detail (NVD)
- Source item URL: cisa_csaf
- Source reference
2024-04-25