PatchSiren cyber security CVE debrief

CVE-2023-5405 Honeywell CVE debrief

CVE-2023-5405 is a medium-severity information disclosure vulnerability affecting multiple Honeywell industrial control system products. Published on April 25, 2024, this vulnerability impacts Experion PKS, Experion LX, PlantCruise by Experion, Safety Manager, and Safety Manager SC systems. Successful exploitation against Experion Servers or Stations could result in information leakage when an error condition is generated. The vulnerability carries a CVSS 3.1 score of 5.3 (Medium) with a vector of AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N, indicating network-accessible attack vector with low attack complexity, no privileges required, and no user interaction needed, resulting in low confidentiality impact. Honeywell has released security updates to address this issue, and users are advised to upgrade to the patched versions referenced in Honeywell Security Notice SN2024. Given the affected products' roles in process control and safety systems, organizations should prioritize patching to prevent potential information disclosure that could aid further attacks against industrial environments.

Vendor: Honeywell
Product: Experion PKS
CVSS: MEDIUM 5.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-04-25
Original CVE updated: 2024-04-25
Advisory published: 2024-04-25
Advisory updated: 2024-04-25

Who should care

Organizations operating Honeywell Experion distributed control systems (DCS) and Safety Manager safety instrumented systems (SIS) in critical infrastructure sectors including oil and gas, chemicals, power generation, and manufacturing should prioritize assessment and remediation of this vulnerability. Security teams responsible for OT/ICS environments, process control engineers, and safety system administrators should coordinate patching activities to maintain both cybersecurity and operational safety.

Technical summary

CVE-2023-5405 is an information disclosure vulnerability in Honeywell's Experion process control and safety management product lines. The vulnerability affects Experion PKS versions prior to R510.2 HF14, R511.5 TCU4 HF4, R520.1 TCU5, and R520.2 TCU4 HF2; Experion LX versions prior to R511.5 TCU4 HF4, R520.1 TCU5, and R520.2 TCU4 HF2; PlantCruise by Experion versions prior to R511.5 TCU4 HF4, R520.1 TCU5, and R520.2 TCU4 HF2; Safety Manager R15x and R16x through R162.10; and Safety Manager SC versions R210.X, R211.1, R211.2, and R212.1. The vulnerability can be triggered when an error is generated on Experion Servers or Stations, potentially leaking sensitive information. With a CVSS 3.1 score of 5.3, the vulnerability is network-accessible with low attack complexity and requires no authentication or user interaction. Honeywell has addressed this issue through security updates available via Security Notice SN2024.

Defensive priority

medium

Recommended defensive actions

Apply security updates from Honeywell Security Notice SN2024 to all affected Experion PKS, Experion LX, PlantCruise by Experion, Safety Manager, and Safety Manager SC systems
Prioritize patching of Experion Servers and Stations that are network-accessible
Implement network segmentation to limit exposure of industrial control systems to untrusted networks
Monitor system logs for anomalous error conditions that may indicate exploitation attempts
Review and apply CISA ICS recommended practices for defense-in-depth strategies
Ensure safety instrumented systems (SIS) and safety managers are isolated from general process control networks per IEC 62443 guidelines

Evidence notes

Vulnerability description and affected product versions derived from CISA CSAF advisory ICSA-24-116-04. CVSS vector and remediation guidance confirmed through official CISA source.

Official resources

2024-04-25