Honeywell is suggesting users affected by the directory traversal vulnerability in its unsupported phased out versions of its Experion PKS application still in use to upgrade to supported versions of the software, which have patches available, according to a report on ICS-CERT.
The remotely exploitable vulnerability, discovered by Joel Langill, operational security professional, ICS cyber security expert and founder of SCADAhacker.com, is suffering from exploits that target this vulnerability.
Honeywell Experion PKS software release 310.x and below suffer from the issue.
An attacker may use this vulnerability to perform initial information disclosure, including access to credentials that could end up used to escalate privileges.
Honeywell is a U.S.-based company that maintains offices worldwide.
The affected product, certain versions of Experion PKS, is an advanced client-server distributed control system (DCS) architecture deployed across multiple critical and noncritical industries, including energy and chemical sectors.
The affected products contain a directory traversal vulnerability that could allow an attacker to escalate privileges on the system to gain access to the host’s root directory.
CVE-2007-6483 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 9.4.
An attacker with a low skill would be able to exploit this vulnerability.
Honeywell recommends that customers using these versions upgrade to supported versions of Experion software. Since the vulnerable service remains installed, users should ensure the Windows firewall remains enabled at all times. Enabling the Windows-based firewall and maintaining other safeguards can mitigate the risk.
The current status of Honeywell Experion support is:
• Experion R43x is in Primary Phase
• Experion R41x is in Secondary Support phase
• Experion R40x is in Legacy Support phase
• All other versions phased out
For existing customers, there is more information on the Honeywell Process Solutions website (login required).