PatchSiren cyber security CVE debrief
CVE-2023-5404 Honeywell CVE debrief
CVE-2023-5404 is a HIGH severity vulnerability (CVSS 3.1: 8.1) affecting multiple Honeywell industrial control system products, published on 2024-04-25. A specially crafted message sent over the network to an Experion Server or Station could let an unauthenticated attacker cause a denial of service or achieve remote code execution; attack complexity is rated high. The vulnerability impacts 16 distinct product configurations across five product families: Experion PKS, Experion LX, PlantCruise by Experion, Safety Manager, and Safety Manager SC. Affected versions span multiple release trains. Honeywell has released fixes; users should upgrade to the versions referenced in Honeywell Security Notice SN2024.
- Vendor: Honeywell
- Product: Experion PKS
- CVSS: HIGH 8.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-04-25
- Original CVE updated: 2024-04-25
- Advisory published: 2024-04-25
- Advisory updated: 2024-04-25
Who should care
Organizations operating Honeywell Experion process control systems or Safety Manager safety systems in critical infrastructure environments including oil and gas, chemical processing, power generation, and manufacturing. Asset owners with unpatched Experion PKS, Experion LX, PlantCruise, Safety Manager, or Safety Manager SC deployments should prioritize remediation due to the potential for remote code execution impacting process availability and safety.
Technical summary
CVE-2023-5404 affects Honeywell's Experion distributed control system platform and the Safety Manager safety instrumented systems. The flaw is reachable over the network on Experion Servers and Stations: a malicious message can cause a denial of service or remote code execution. The stored evidence records only that effect, not the underlying weakness. Per the CVSS 3.1 vector (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H), the attack is network-based with high attack complexity, needs no privileges or user interaction, leaves scope unchanged, and has high confidentiality, integrity and availability impact. Affected product versions: Experion PKS releases prior to R510.2 HF14, R511.5 TCU4 HF4, R520.1 TCU5, and R520.2 TCU4 HF2; Experion LX and PlantCruise by Experion prior to equivalent patch levels; Safety Manager R15x and R16x up to and including R162.10; and Safety Manager SC R210.X through R212.1. Honeywell has addressed the issue in subsequent releases and hotfixes documented in Security Notice SN2024.
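The version list above is the practical input for patch triage. The following script is an added example written for this debrief, not Honeywell or CISA tooling: it parses Honeywell release strings, compares installed Experion PKS builds against the first fixed build on each release train named above, and flags Safety Manager and Safety Manager SC builds that fall inside the affected ranges. The thresholds are the ones the advisory text names; the ordering of TCU and HF numbers, the treatment of an unnamed TCU or HF as zero, and the reading of "R15x" as R150 through R159 are assumptions, and the inventory is constructed. Experion LX and PlantCruise builds, and any train the advisory does not name, come back as "verify" rather than being assumed safe.

```python
"""Inventory triage for CVE-2023-5404 (added example; not Honeywell or CISA tooling).

Thresholds are the ones the advisory text names:
  Experion PKS      fixed from R510.2 HF14, R511.5 TCU4 HF4, R520.1 TCU5, R520.2 TCU4 HF2
  Safety Manager    affected: R15x and R16x up to and including R162.10
  Safety Manager SC affected: R210.X up to and including R212.1
Assumptions (not stated by the advisory): builds order as (release, point, TCU, HF),
a missing TCU/HF counts as 0, and "R15x" means R150 through R159.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True, order=True)
class HoneywellVersion:
    release: int  # 510 in "R510.2"
    point: int    # 2 in "R510.2"
    tcu: int      # 0 when no TCU is named (assumed ordering, see module docstring)
    hf: int       # 0 when no HF is named

    @property
    def train(self) -> str:
        return f"R{self.release}.{self.point}"


_VERSION_RE = re.compile(
    r"^R(?P<release>\d+)\.(?P<point>\d+)(?:\s+TCU(?P<tcu>\d+))?(?:\s+HF(?P<hf>\d+))?$",
    re.IGNORECASE,
)


def parse_version(text: str) -> HoneywellVersion:
    """Parse strings such as 'R520.2 TCU4 HF2' or 'R162.10'; raise on anything else."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Honeywell version string: {text!r}")
    return HoneywellVersion(int(m["release"]), int(m["point"]),
                            int(m["tcu"] or 0), int(m["hf"] or 0))


# First fixed build per Experion PKS release train, keyed by train ("R510.2", ...).
FIXED_EXPERION_PKS = {
    v.train: v for v in map(parse_version,
                            ["R510.2 HF14", "R511.5 TCU4 HF4", "R520.1 TCU5", "R520.2 TCU4 HF2"])
}


def assess_experion_pks(installed: str, fixed_by_train=FIXED_EXPERION_PKS) -> str:
    """Return 'patched', 'affected', or 'verify' (train not named in the advisory)."""
    v = parse_version(installed)
    fixed = fixed_by_train.get(v.train)
    if fixed is None:
        return "verify"  # never assume an unlisted train is safe; check SN2024
    return "patched" if v >= fixed else "affected"


def assess_safety_manager(installed: str) -> str:
    """Affected range only; the page names no fixed Safety Manager build."""
    v = parse_version(installed)
    if 150 <= v.release <= 169 and (v.release, v.point) <= (162, 10):
        return "affected"
    return "verify"


def assess_safety_manager_sc(installed: str) -> str:
    """Affected range R210.X through R212.1 inclusive; anything else needs SN2024."""
    v = parse_version(installed)
    if (210, 0) <= (v.release, v.point) <= (212, 1):
        return "affected"
    return "verify"


ASSESSORS = {
    "Experion PKS": assess_experion_pks,
    "Safety Manager": assess_safety_manager,
    "Safety Manager SC": assess_safety_manager_sc,
}


def triage_inventory(inventory):
    """inventory: iterable of (host, product, version) -> list of (host, product, version, verdict).

    Products without an assessor (Experion LX, PlantCruise) are reported as 'verify'
    because the page gives their fixed builds only as 'equivalent patch levels'.
    """
    out = []
    for host, product, version in inventory:
        assess = ASSESSORS.get(product)
        verdict = assess(version) if assess else "verify"
        out.append((host, product, version, verdict))
    return out


# Constructed sample inventory; hostnames and installed builds are illustrative only.
SAMPLE_INVENTORY = [
    ("esvr-01", "Experion PKS", "R520.2 TCU4 HF1"),
    ("esvr-02", "Experion PKS", "R520.2 TCU4 HF2"),
    ("stn-07", "Experion PKS", "R511.5 TCU4 HF4"),
    ("stn-08", "Experion PKS", "R510.2 HF13"),
    ("stn-09", "Experion PKS", "R520.1 TCU5"),
    ("stn-10", "Experion PKS", "R501.1"),
    ("sm-01", "Safety Manager", "R162.10"),
    ("sm-02", "Safety Manager", "R163.1"),
    ("smsc-01", "Safety Manager SC", "R212.1"),
    ("lx-01", "Experion LX", "R520.2 TCU4 HF1"),
]

if __name__ == "__main__":
    for host, product, version, verdict in triage_inventory(SAMPLE_INVENTORY):
        print(f"{host:8} {product:18} {version:18} {verdict}")
```

Feed it the real inventory as (host, product, version) tuples and act on "affected" first; treat "verify" as work to do against Security Notice SN2024, not as a clean result. If a site's build strings carry extra suffixes the regex does not accept, the parser raises rather than silently guessing.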
Defensive priority
HIGH
Recommended defensive actions
- Upgrade affected Honeywell systems to patched versions referenced in Honeywell Security Notice SN2024
- Apply network segmentation to isolate Experion Servers and Stations from untrusted networks
- Monitor for anomalous network traffic targeting Experion systems
- Review and implement CISA ICS recommended practices for defense-in-depth
- Validate that Safety Manager and Safety Manager SC systems are on supported, patched versions
Evidence notes
CVE published and modified 2024-04-25 per CISA CSAF advisory ICSA-24-116-04. CVSS 3.1 vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H. 16 affected product configurations identified across 5 Honeywell product families. Remediation guidance directs users to Honeywell Security Notice SN2024 for fixed versions.
Official resources
- CVE-2023-5404 CVE record (CVE.org)
- CVE-2023-5404 NVD detail (NVD)
- Source item: CISA CSAF advisory ICSA-24-116-04
2024-04-25