Armis, a cybersecurity company, has uncovered multiple vulnerabilities in Honeywell’s distributed control system (DCS) products that could be exploited by attackers targeting industrial organizations.
After disclosing its findings to Honeywell, Armis identified a total of nine new vulnerabilities, including seven categorized as critical. The flaws, which Armis has named ‘Crit.IX’, have been assigned CVE numbers, and Honeywell has since patched them. The vulnerabilities impact various Experion DCS platforms, such as EPKS, LX, and PlantCruise, used across sectors like agriculture, water, pharmaceuticals, and nuclear plants.
Armis focused its research on the Control Data Access (CDA) protocol used for communication between Experion servers and C300 controllers. The researchers found that the protocol lacks encryption and proper authentication mechanisms, which enables attackers with network access to impersonate servers and controllers.
Exploiting the Crit.IX vulnerabilities could lead to denial-of-service attacks, unauthorized access to sensitive information, and remote code execution on controllers and servers.
The consequences of such exploits include manipulation or disruption of controllers and engineering workstations, resulting in production downtime and equipment damage, and even compromised pharmaceutical batches and disrupted power distribution.
Armis has published a technical report detailing its findings, underscoring the importance of securing industrial control systems. This is not the first time Armis has uncovered vulnerabilities in ICS products: it previously identified flaws in Schneider Electric PLCs and the Urgent/11 vulnerabilities affecting various industrial giants’ products.
The discoveries highlight the need for robust security measures to protect critical infrastructure in the face of evolving cyber threats.