PatchSiren cyber security CVE debrief
CVE-2023-5407 Honeywell CVE debrief
CVE-2023-5407 is a HIGH severity vulnerability (CVSS 3.1: 7.4) affecting multiple Honeywell industrial control systems including Experion PKS, Experion LX, PlantCruise by Experion, Safety Manager, and Safety Manager SC. Published on 2024-04-25, this vulnerability allows an unauthenticated attacker to cause denial-of-service or achieve remote code execution over the network by sending specially crafted messages to affected controllers. The attack vector is network-based with high attack complexity, requiring no privileges or user interaction. The vulnerability impacts integrity and availability with HIGH severity, though confidentiality is not affected. Affected products span multiple versions across Honeywell's industrial automation portfolio, including Experion PKS releases prior to R510.2_HF14, R511.5_TCU4_HF4, R520.1_TCU5, and R520.2_TCU4_HF4; Experion LX and PlantCruise versions prior to equivalent patch levels; Safety Manager R15x and R16x through R162.10; and Safety Manager SC versions R210.X through R212.1. Honeywell has released security updates to address this vulnerability and advises users to upgrade to the patched versions referenced in their security notice.
- Vendor
- Honeywell
- Product
- Experion PKS
- CVSS
- HIGH 7.4
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-04-25
- Original CVE updated
- 2024-04-25
- Advisory published
- 2024-04-25
- Advisory updated
- 2024-04-25
Who should care
Organizations operating Honeywell Experion PKS, Experion LX, PlantCruise by Experion, Safety Manager, or Safety Manager SC systems in industrial environments, particularly critical infrastructure operators in energy, chemical, manufacturing, and process industries where these systems are deployed.
Technical summary
Network-accessible vulnerability in Honeywell industrial controllers allowing unauthenticated remote code execution or denial-of-service via crafted messages. High attack complexity. Patches available.
Defensive priority
HIGH
Recommended defensive actions
- Apply vendor-provided security updates from Honeywell's security notice system for all affected Experion PKS, Experion LX, PlantCruise, Safety Manager, and Safety Manager SC installations
- Implement network segmentation to isolate affected industrial control systems from untrusted networks
- Monitor network traffic for anomalous connections to Experion controllers, ControlEdge PLC, Safety Manager, and SMSC S300 devices
- Review and apply CISA's ICS recommended practices for defense-in-depth strategies
- Validate that updated firmware versions meet or exceed the patched release thresholds specified in the vendor security notice
Evidence notes
Vulnerability details sourced from CISA CSAF advisory ICSA-24-116-04. CVSS 3.1 vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H. Affected product versions enumerated from CSAF product tree with 16 distinct product identifiers. Remediation guidance indicates vendor-provided patches are available via Honeywell's security notice process.
Official resources
-
CVE-2023-5407 CVE record
CVE.org
-
CVE-2023-5407 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2024-04-25