September 4, 2025

Honeywell Experion PKS Flaws Allow Manipulation of Industrial Processes

Honeywell has released patches for several critical and high-severity vulnerabilities in its Experion Process Knowledge System (PKS), a widely used industrial process control and automation product. The most severe flaws reside in the Control Data Access (CDA) component and can be exploited to execute arbitrary code remotely, potentially allowing attackers to alter process parameters, reboot systems, or modify device behavior. Additionally, two vulnerabilities enable denial-of-service (DoS) attacks, and another, of medium severity, can be exploited to manipulate communication channels, causing unintended or incorrect system behavior.

These vulnerabilities impact global deployments across essential infrastructure sectors including energy, manufacturing, water, healthcare, and chemical industries. Although the affected devices are typically located in isolated network segments—making direct internet exploitation unlikely—attackers gaining local access could cause significant operational disruption. The vulnerabilities were discovered by Positive Technologies and disclosed through a CISA advisory, prompting urgent patching and reinforcing the importance of network isolation and rigorous vulnerability management practices.

Source: https://www.securityweek.com/honeywell-experion-pks-flaws-allow-manipulation-of-industrial-processes/
