"Hackers Could Disrupt Industrial Processes via Flaws in Widely Used Honeywell DCS"
Researchers at the industrial cybersecurity firm Claroty have discovered Honeywell's Experion Process Knowledge System (PKS) product to be affected by vulnerabilities that could result in the disruption of industrial processes if exploited by malicious actors. There are three types of vulnerabilities impacting the product, two of which have been rated critical as they can allow an attacker to remotely execute arbitrary code on the system or cause a denial-of-service (DoS) condition. The third flaw, which has been given a high severity rating, is a path traversal issue that can allow a malicious actor to access folders and files. These vulnerabilities could be exploited by an attacker to cause significant disruptions or to abuse the system for further attacks against a targeted organization's network. However, the researchers emphasized that the attacker would need to figure out a way to access the organization's Operational Technology (OT) network because the ports required to be accessed in order to exploit the vulnerabilities are typically not exposed to the Internet. According to Honeywell, the vulnerabilities impact its C200, C200E, C300, and ACE controllers. This article continues to discuss the potential exploitation and impact of the three vulnerabilities discovered in the widely used Honeywell distributed control system (DCS).