Honeywell recently patched several vulnerabilities in its Experion Process Knowledge System (PKS) industrial process control and automation solution.
The existence of the flaws was brought to light by the US cybersecurity agency CISA, which published an advisory last week.
According to the advisory, Honeywell Experion PKS products — releases prior to R520.2 TCU9 Hot Fix 1 and R530 TCU3 Hot Fix 1 — are affected by six vulnerabilities, including ones classified as ‘critical’ and ‘high severity’.
A majority of the critical- and high-severity flaws impact the Control Data Access (CDA) component and they can lead to remote code execution.
Two high-severity vulnerabilities can be exploited for DoS attacks, while a flaw rated ‘medium severity’ can be leveraged to manipulate communication channels and cause incorrect system behavior.
CISA pointed out that the impacted products are used worldwide, including in critical infrastructure sectors such as critical manufacturing, chemical, energy, water, and healthcare.
“We treat security concerns with utmost importance and act promptly to assess and rectify any issues,” Honeywell told SecurityWeek in an emailed statement. “Following the discovery of these vulnerabilities, we have made updates to Experion PKS products (C300 PCNT02, C300 PCNT05, EHB, EHPM, ELMM, Classic ENIM, ETN, FIM4, FIM8, UOC, CN100, HCA, C300PM, PGM, RFIM and C200E) and our OneWireless WDM. It is essential for all users to update their systems to the version mentioned in our Security Notice for enhanced security.”
The Russian cybersecurity firm Positive Technologies has been credited for reporting the vulnerabilities to Honeywell.
Dmitry Sklyar, who leads Positive Technologies’ industrial control systems (ICS) unit, told SecurityWeek that the vulnerabilities were discovered in Experion PKS devices, which include field-level network converters and I/O modules.
The expert pointed out that the impacted devices are typically used in industrial facilities in isolated network segments, making it unlikely for them to be exploited remotely over the internet.
“The vulnerabilities were found in network protocol handlers that lack identification and authentication functions. As a result, the only prerequisite for exploitation is access to the isolated segment,” Sklyar explained.
According to the researcher, the vulnerabilities can allow arbitrary code execution on compromised devices, which “could potentially enable an attacker to manipulate the industrial process and the devices themselves—stopping or rebooting them, modifying network settings, altering process parameters, etc.”
“To protect against such vulnerabilities, we recommend implementing vulnerability management systems,” Sklyar said.
Earlier this month, Nozomi Networks disclosed the details of over a dozen vulnerabilities found in the Niagara Framework developed by Honeywell-owned Tridium.
| Learn More at SecurityWeek’s ICS Cybersecurity Conference The leading global conference series for Operations, Control Systems and OT/IT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.  October 27-30, 2025 | Atlanta www.icscybersecurityconference.com |
Related: Order Out of Chaos – Using Chaos Theory Encryption to Protect OT and IoT
Related: Vulnerabilities Expose Helmholz Industrial Routers to Hacking
Related: New York Seeking Public Opinion on Water Systems Cyber Regulations
