PatchSiren cyber security CVE debrief
CVE-2023-5400 Honeywell CVE debrief
CVE-2023-5400 is a high-severity vulnerability affecting multiple Honeywell industrial control systems, including Experion PKS, Experion LX, PlantCruise by Experion, Safety Manager, and Safety Manager SC. Published on April 25, 2024, this vulnerability allows remote attackers to cause denial-of-service conditions or execute arbitrary code on Experion Servers or Stations by sending specially crafted network messages. The CVSS 3.1 score of 8.1 reflects high impact across confidentiality, integrity, and availability with network-based attack vector, though exploitation requires high attack complexity. Honeywell has released patches addressing these vulnerabilities, and affected organizations should prioritize upgrading to the fixed versions referenced in Honeywell's Security Notice.
- Vendor
- Honeywell
- Product
- Experion PKS
- CVSS
- HIGH 8.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-04-25
- Original CVE updated
- 2024-04-25
- Advisory published
- 2024-04-25
- Advisory updated
- 2024-04-25
Who should care
Organizations operating Honeywell Experion distributed control systems or Safety Manager safety instrumented systems in critical infrastructure sectors including energy, chemicals, manufacturing, and pharmaceuticals. Asset owners with unpatched versions prior to R510.2 HF14, R511.5 TCU4 HF4, R520.1 TCU5, or R520.2 TCU4 HF2 for Experion platforms, and Safety Manager versions R15x through R162.10 or Safety Manager SC versions R210.x through R212.1 face elevated risk.
Technical summary
CVE-2023-5400 encompasses vulnerabilities in Honeywell's Experion process knowledge systems and Safety Manager platforms. The flaws reside in network message handling within Experion Servers and Stations, where insufficient validation of crafted messages permits memory corruption or logic errors leading to denial-of-service or remote code execution. The attack vector is network-based with no required privileges or user interaction, though high attack complexity may limit exploitation. Affected platforms include distributed control systems (Experion PKS, LX, PlantCruise) and safety instrumented systems (Safety Manager, Safety Manager SC), creating potential for both operational disruption and compromise of safety-critical functions.
Defensive priority
HIGH
Recommended defensive actions
- Upgrade affected Honeywell systems to patched versions referenced in Honeywell Security Notice SN2024
- Apply network segmentation to isolate Experion Servers and Stations from untrusted networks
- Monitor for anomalous network traffic targeting Experion systems
- Review CISA ICS recommended practices for defense-in-depth strategies
- Validate that Safety Manager and Safety Manager SC systems are updated to non-vulnerable versions
Evidence notes
CISA ICS Advisory ICSA-24-116-04 confirms successful exploitation enables denial-of-service or remote code execution via specially crafted messages against Experion Servers or Stations. CVSS 3.1 vector AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H supports the 8.1 score. Affected product versions span multiple Experion PKS, Experion LX, PlantCruise, Safety Manager, and Safety Manager SC releases.
Official resources
-
CVE-2023-5400 CVE record
CVE.org
-
CVE-2023-5400 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2024-04-25