Security flaws in Honeywell devices could be used to disrupt critical industries

Security researchers have discovered numerous vulnerabilities in Honeywell devices used in critical industries that could, if exploited, allow hackers to cause physical disruption and potentially impact the safety of human lives.

Researchers at Armis, a cybersecurity company specializing in asset security, uncovered nine vulnerabilities in Honeywell’s Experion distributed control system (DCS) products. These are digital automated industrial control systems that are used to control large industrial processes across critical industries — like energy and pharmaceutical — where high availability and continuous operations are critical.

The vulnerabilities, seven of which have been given a critical-severity rating, could allow for an attacker to remotely run unauthorized code on both the Honeywell server and controllers, according to Armis. An attacker would need network access to exploit the flaws, which can be gained by compromising a device within a network, from a laptop to a vending machine. However, the bugs allow for unauthenticated access, which means an attacker wouldn’t need to log into the controller in order to exploit it.

 

Read the full story at: