Security News

Newly discovered vulnerabilities in distributed control systems could allow attackers access to systems supporting industrial, energy, chemical and other operations. Security company Armis, in collaboration with operational technology company Honeywell, identified new vulnerabilities in Honeywell Experion distributed control system platforms.

Multiple security vulnerabilities have been discovered in various services, including Honeywell Experion distributed control system and QuickBlox, that, if successfully exploited, could result in severe compromise of affected systems. Dubbed Crit.IX, the nine flaws in the Honeywell Experion DCS platform allow for "Unauthorized remote code execution, which means an attacker would have the power to take over the devices and alter the operation of the DCS controller, whilst also hiding the alterations from the engineering workstation that manages the controller," Armis said in a statement shared with The Hacker News.

The U.S. Cybersecurity and Infrastructure Security Agency on Tuesday released an advisory regarding multiple security vulnerabilities affecting all versions of Honeywell Experion Process Knowledge System C200, C200E, C300, and ACE controllers that could be exploited to achieve remote code execution and denial-of-service conditions. "A Control Component Library may be modified by a bad actor and loaded to a controller such that malicious code is executed by the controller," Honeywell noted in an independent security notification published earlier this February.

Honeywell announced the addition of Operator Advisor to its Experion Highly Augmented Lookahead Operations suite. This powerful software solution enables plant owners to objectively measure gaps and drive operator effectiveness to the next level.

American industrial giant Honeywell this week announced a new cybersecurity monitoring and incident response service for industrial organizations. The new service, named Advanced Monitoring and Incident Response, is part of Honeywell's Forge managed security services offering.

Industrial giant Honeywell on Tuesday revealed that some of its IT systems were disrupted as a result of a malware attack. The company said the intrusion was detected "Recently" and only a "Limited number" of IT systems were disrupted.

Honeywell and IDEMIA announced a strategic alliance to create and cultivate an intelligent building ecosystem that provides a more seamless and enhanced experience for operators and occupants alike. The alliance will integrate Honeywell's security and building management systems with IDEMIA's biometric-based access control systems to create frictionless, safer and more efficient buildings.

Honeywell announces the launch of Honeywell Secure Media Exchange R201.1, an enterprise software offering to better protect users from advanced malware and firmware-based cybersecurity attacks from USB drives and other removable media. "We are excited to expand Honeywell SMX as an enterprise security solution to include hardware device management with our TRUST V2 ," said Jeff Zindel, vice president and general manager, Honeywell Connected Enterprise Cybersecurity.

The platform provides complete visibility of all connected systems and the scalability of the software makes it easy to grow with the changing needs of a business. Pro-Watch Intelligent Command is a web-based user interface that provides organizations complete situational awareness of their security system to protect people, property and assets.

Honeywell says it has seen a significant increase over the past year in USB-borne malware that can cause disruption to industrial control systems. While only 11% of the malware found on USB drives was specifically designed to target industrial systems - this represents a slight drop compared to the 14% identified in 2018 - 59% of the detected threats could cause significant disruption to industrial systems, compared to only 26% in 2018.