PatchSiren

Honeywell CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

CRITICAL Honeywell CVE published 2026-03-10

CVE-2026-3611

CVE-2026-3611 describes a critical access-control weakness in Honeywell IQ4 Series building management controllers prior to version 3.30. In the factory-default configuration, the web HMI can be reached without authentication when no user module is configured, and the advisory states that this results in System Guest (level 100) read/write access to the HTTP interface. The same interface can be used to cr [truncated]

CRITICAL Honeywell CVE published 2026-02-17

CVE-2026-1670

CVE-2026-1670 is a critical issue in the Honeywell HIB2PI CCTV Camera advisory tracked by CISA as ICSA-26-048-04. The source describes an unauthenticated API endpoint exposure that may let an attacker remotely change the "forgot password" recovery email address. Honeywell’s remediation guidance says the affected product was discontinued in April 2025 and directs users to contact support for patch informat [truncated]

HIGH Honeywell CVE published 2025-07-24

CVE-2025-3947

CVE-2025-3947 is a high-severity Honeywell Experion PKS issue in the Control Data Access (CDA) component. The advisory says an attacker could manipulate input data in a way that causes improper integer value checking during subtraction, which can lead to denial of service in affected systems.

HIGH Honeywell CVE published 2025-07-24

CVE-2025-2520

CVE-2025-2520 is a Honeywell Experion PKS availability issue affecting common Epic Platform Analyzer (EPA) communications. According to the CISA CSAF advisory, an attacker could potentially manipulate the communication channel and trigger dereferencing of an uninitialized pointer, resulting in denial of service. Honeywell’s documented fix path is to move affected systems to the specified hotfix releases.

HIGH Honeywell CVE published 2024-04-25

CVE-2023-5407

CVE-2023-5407 is a HIGH severity vulnerability (CVSS 3.1: 7.4) affecting multiple Honeywell industrial control systems including Experion PKS, Experion LX, PlantCruise by Experion, Safety Manager, and Safety Manager SC. Published on 2024-04-25, this vulnerability allows an unauthenticated attacker to cause denial-of-service or achieve remote code execution over the network by sending specially crafted mes [truncated]

MEDIUM Honeywell CVE published 2024-04-25

CVE-2023-5406

CVE-2023-5406 is a medium-severity vulnerability affecting multiple Honeywell industrial control systems, including Experion PKS, Experion LX, PlantCruise by Experion, Safety Manager, and Safety Manager SC. Published on April 25, 2024, this vulnerability allows an attacker to cause denial-of-service or achieve remote code execution by manipulating messages from a controller to Experion Servers or Stations [truncated]

MEDIUM Honeywell CVE published 2024-04-25

CVE-2023-5405

CVE-2023-5405 is a medium-severity information disclosure vulnerability affecting multiple Honeywell industrial control system products. Published on April 25, 2024, this vulnerability impacts Experion PKS, Experion LX, PlantCruise by Experion, Safety Manager, and Safety Manager SC systems. Successful exploitation against Experion Servers or Stations could result in information leakage when an error condi [truncated]

HIGH Honeywell CVE published 2024-04-25

CVE-2023-5404

CVE-2023-5404 is a HIGH severity vulnerability (CVSS 3.1: 8.1) affecting multiple Honeywell industrial control systems, published on 2024-04-25. Successful exploitation against Experion Servers or Stations could enable an attacker to cause denial-of-service or achieve remote code execution over the network using specially crafted messages. The vulnerability impacts 16 distinct product configurations acros [truncated]

HIGH Honeywell CVE published 2024-04-25

CVE-2023-5403

CVE-2023-5403 is a high-severity vulnerability affecting multiple Honeywell industrial control systems, including Experion PKS, Experion LX, PlantCruise by Experion, Safety Manager, and Safety Manager SC. Published on April 25, 2024, this vulnerability allows remote attackers to cause denial-of-service conditions or execute arbitrary code on Experion Servers or Stations by sending specially crafted networ [truncated]

HIGH Honeywell CVE published 2024-04-25

CVE-2023-5401

CVE-2023-5401 is a HIGH severity vulnerability (CVSS 3.1: 8.1) affecting multiple Honeywell industrial control systems including Experion PKS, Experion LX, PlantCruise by Experion, Safety Manager, and Safety Manager SC. Published on April 25, 2024, this vulnerability enables remote attackers to cause denial-of-service conditions or achieve remote code execution on Experion Servers or Stations through spec [truncated]

HIGH Honeywell CVE published 2024-04-25

CVE-2023-5400

CVE-2023-5400 is a high-severity vulnerability affecting multiple Honeywell industrial control systems, including Experion PKS, Experion LX, PlantCruise by Experion, Safety Manager, and Safety Manager SC. Published on April 25, 2024, this vulnerability allows remote attackers to cause denial-of-service conditions or execute arbitrary code on Experion Servers or Stations by sending specially crafted networ [truncated]

MEDIUM Honeywell CVE published 2024-04-25

CVE-2023-5398

CVE-2023-5398 is a medium-severity vulnerability affecting multiple Honeywell industrial control system products, including Experion PKS, Experion LX, PlantCruise by Experion, Safety Manager, and Safety Manager SC. Published on April 25, 2024, this vulnerability allows an unauthenticated attacker to cause a denial-of-service condition on Experion Servers or Stations by sending specially crafted network me [truncated]

HIGH Honeywell CVE published 2024-04-25

CVE-2023-5397

A critical vulnerability in Honeywell's Experion PKS, Experion LX, PlantCruise by Experion, Safety Manager, and Safety Manager SC industrial control systems allows remote attackers to execute arbitrary code or cause denial-of-service conditions via specially crafted network messages. The vulnerability affects Experion Servers and Stations with a CVSS 3.1 score of 8.1 (High severity). Successful exploitati [truncated]

HIGH Honeywell CVE published 2024-04-25

CVE-2023-5396

CVE-2023-5396 is a high-severity vulnerability affecting multiple Honeywell industrial control systems, including Experion PKS, Experion LX, PlantCruise by Experion, Safety Manager, and Safety Manager SC. Published on April 25, 2024, this vulnerability could allow an unauthenticated attacker to cause denial-of-service conditions or achieve remote code execution on Experion Servers or Stations by sending s [truncated]

HIGH Honeywell CVE published 2024-04-25

CVE-2023-5395

CVE-2023-5395 is a high-severity vulnerability affecting multiple Honeywell industrial control systems, including Experion PKS, Experion LX, PlantCruise by Experion, Safety Manager, and Safety Manager SC. Published on April 25, 2024, this vulnerability allows an unauthenticated remote attacker to cause denial-of-service conditions or achieve remote code execution on Experion Servers or Stations by sending [truncated]

HIGH Honeywell CVE published 2024-04-25

CVE-2023-5394

A critical vulnerability in Honeywell's Experion PKS, Experion LX, PlantCruise by Experion, Safety Manager, and Safety Manager SC industrial control systems allows remote attackers to execute arbitrary code or cause denial-of-service conditions. The vulnerability, published April 25, 2024, affects 16 distinct product versions across Honeywell's distributed control and safety systems portfolio. Attackers c [truncated]

HIGH Honeywell CVE published 2024-04-25

CVE-2023-5393

A critical vulnerability in Honeywell's Experion PKS, Experion LX, PlantCruise by Experion, Safety Manager, and Safety Manager SC industrial control systems allows remote attackers to execute arbitrary code or cause denial-of-service conditions. The vulnerability, published on April 25, 2024, affects 16 distinct product versions across Honeywell's distributed control system (DCS) and safety instrumented s [truncated]

HIGH Honeywell CVE published 2024-04-25

CVE-2023-5392

CVE-2023-5392 is a HIGH severity information disclosure vulnerability affecting multiple Honeywell industrial control systems, including Experion PKS, Experion LX, PlantCruise by Experion, Safety Manager, and Safety Manager SC. Published on April 25, 2024, this vulnerability allows an attacker to extract more information from memory over the network than required when targeting the Experion controller, Co [truncated]

MEDIUM Honeywell CVE published 2024-04-25

CVE-2023-5390

CVE-2023-5390 is a medium-severity vulnerability (CVSS 5.3) affecting multiple Honeywell industrial control systems including Experion PKS, Experion LX, PlantCruise by Experion, Safety Manager, and Safety Manager SC. Published on April 25, 2024, this vulnerability could allow an attacker to read from Experion controllers or SMSC S300 devices, potentially exposing limited information from the device throug [truncated]

CRITICAL Honeywell CVE published 2024-04-25

CVE-2023-5389

A critical vulnerability in Honeywell's Experion PKS, Experion LX, PlantCruise by Experion, Safety Manager, and Safety Manager SC product lines allows remote attackers to modify files on affected controllers without authentication. Published on April 25, 2024, this flaw enables unauthorized file writes to Experion controllers or SMSC S300 systems, which could lead to unexpected behavior through configurat [truncated]

HIGH Honeywell CVE published 2017-02-02

CVE-2017-5143

CVE-2017-5143 is a high-severity directory traversal issue in Honeywell XL Web II controller web interfaces. According to the NVD record, an unauthenticated user can trigger directory traversal by accessing a specific URL. The issue is rated CVSS 8.6 and was published on 2017-02-13.

HIGH Honeywell CVE published 2017-02-02

CVE-2017-5142

CVE-2017-5142 is a critical Honeywell XL Web II / XLWeb 500 controller issue where a low-privileged user can access a specific URL to open and change parameters because of improper privilege management. The published CVSS 3.0 vector indicates network accessibility, low attack complexity, low privileges required, no user interaction, and impact to confidentiality, integrity, and availability.

HIGH Honeywell CVE published 2017-02-02

CVE-2017-5141

CVE-2017-5141 affects Honeywell XL Web II controller software and is described as a session fixation issue. An attacker can establish a new user session without invalidating the existing session identifier, creating an opportunity to steal authenticated sessions. The CVE was published on 2017-02-13 and later modified in NVD on 2026-05-13.

HIGH Honeywell CVE published 2017-02-02

CVE-2017-5140

CVE-2017-5140 is a critical credential-protection weakness in Honeywell XL Web II controller software. NVD describes the issue as a password being stored in clear text in XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Because the secret can be exposed rather than protected, an attacker who can access the stored value may be able to reuse credentials and gain broader contr [truncated]

HIGH Honeywell CVE published 2017-02-02

CVE-2017-5139

CVE-2017-5139 is a critical Honeywell XL Web II controller issue where a password can be disclosed by accessing a specific URL. NVD classifies the weakness as CWE-522 (insufficiently protected credentials) and rates the issue CVSS 3.0 9.8, reflecting network accessibility, no required privileges, no user interaction, and high impact to confidentiality, integrity, and availability. The affected products li [truncated]

LOW Honeywell CVE published 2016-07-31

CVE-2016-8344

CVE-2016-8344 is an input validation weakness in Honeywell Experion Process Knowledge System (PKS). According to the CVE record, a specially crafted packet can cause the process to terminate, which can prevent firmware uploads to Series-C devices. The issue is reported across Experion PKS Release 3xx and prior, 400, 410, 430, and 431.