Armis and Honeywell Vulnerabilities: Security Breach Disclosed

Armis and Honeywell have jointly announced the discovery of 9 new vulnerabilities in Honeywell’s Experion® DCS platforms. The vulnerabilities, named Crit.IX, were found by Armis researchers. Of these 9 vulnerabilities, 7 are considered critical. If exploited, these flaws could lead to unauthorized remote code execution on legacy versions of both the Honeywell server and controllers.

The implications of these vulnerabilities are significant. An attacker could potentially take control of the devices and manipulate the operation of the DCS controller. What’s more concerning is that these alterations could be hidden from the engineering workstation responsible for managing the DCS controller. The exploitation of these vulnerabilities doesn’t require authentication, only network access to the targeted devices. This means that any compromised IT, IoT, and OT assets on the same network as the DCS devices could potentially be used in an attack.

Given the severity of these vulnerabilities and the potential impact, Honeywell and Armis have been working closely together to investigate the findings, understand the underlying issues, and develop a patch. Honeywell has already made security patches available and is strongly urging all affected customers to apply them immediately. It is expected that a CISA advisory will be published later today to inform the wider public about these vulnerabilities.

Tom Gol, CTO of research at Armis, expressed the importance of discoveries like Crit.IX in advancing the cybersecurity industry and protecting critical infrastructure entities. As technology continues to evolve and become more integrated into businesses, it is crucial to identify potential vulnerabilities in critical technologies that society relies on. This allows for better protection of our infrastructure. Armis, with its vast asset knowledge base and unique expertise in managing the attack landscape, is committed to increasing collaboration industry-wide to proactively guide and protect organizations against evolving threats.

For more information about the vulnerabilities and the joint efforts of Armis and Honeywell, the full blog can be found on Armis’ website.

In conclusion, the discovery of these vulnerabilities in the Honeywell Experion® DCS platforms highlights the significance of ongoing cybersecurity efforts. It emphasizes the need for collaboration between industry experts to identify and mitigate potential threats. Honeywell and Armis are actively addressing the issue, urging affected customers to apply security patches promptly. As technology continues to advance, it becomes increasingly important to prioritize the protection of critical infrastructure against evolving cybersecurity risks.
