Industrial equipment from Rockwell Automation and Honeywell found to have critical security weaknesses

Officials and experts warn that malicious actors could exploit the existing weaknesses to gain unrestricted control and carry out harmful actions.

In a recent development, critical vulnerabilities have been identified in products from industrial automation giants Honeywell and Rockwell Automation. These vulnerabilities, collectively known as the Crit.IX vulnerabilities, pose a significant risk to the safety, operational continuity, and security of industrial control systems.

According to CISA officials, the Crit.IX vulnerabilities are exploitable remotely and have low attack complexity. One of these vulnerabilities, CVE-2023-3595, could allow an attacker to remotely take over a system and modify, block, or steal data. A related vulnerability, CVE-2023-3596, could potentially lead to a denial of service condition.

Honeywell began issuing hotfixes for these vulnerabilities in April and notified customers. Similarly, Rockwell Automation has collaborated with government officials to address the vulnerabilities, and has not received reports of active exploitation, according to a spokesperson. However, authorities and security researchers are warning about these critical vulnerabilities, urging organizations using the affected products to upgrade to the latest firmware as soon as possible.

The devices are used in many industrial settings, including electric, oil and gas, liquefied natural gas, and manufacturing. The potential impact of these vulnerabilities includes unauthorized control or disruption of industrial processes, compromise of sensitive operational data, and potential safety risks to operators and equipment.

Researchers have identified critical vulnerabilities in Honeywell's Experion DCS platforms. To exploit them, an attacker would need access to the process control network, which is typically segregated from other IT systems. The vulnerabilities in Honeywell Experion DCS platforms are named Crit.IX.

The disclosures come at a time of heightened threat activity against critical infrastructure providers. For instance, Armis researchers have identified critical vulnerabilities in Honeywell Experion DCS platforms, while Dragos researchers compare the risk to the 2017 Trisis malware attacks.

To mitigate these threats, it is recommended to apply vendor-released security patches and updates immediately, implement network segmentation and strict access controls, monitor systems for suspicious activity or indicators of compromise, and consult vendor advisories for specific remediation steps. Keeping industrial control systems regularly updated and monitored is critical to mitigating such threats.

For exact descriptions, impact assessments, and patch instructions on CVE-2023-3595, CVE-2023-3596, and Crit.IX vulnerabilities, it is advisable to consult official Honeywell and Rockwell Automation security advisories or trusted vulnerability databases (e.g., MITRE, NVD).

  1. The cybersecurity industry is urging organizations in the financial, energy, and oil-and-gas sectors to upgrade their systems promptly, as critical vulnerabilities in Honeywell and Rockwell Automation products, known as the Crit.IX vulnerabilities, pose a significant risk.
  2. These vulnerabilities, such as CVE-2023-3595 and CVE-2023-3596, are widely exploitable and could allow malware to modify, block, or steal data, or potentially cause a denial of service condition.
  3. The technology involved in industrial automation, including that used in cybersecurity, must be prioritized for updates and security measures to protect against potential unauthorized control, compromise of sensitive operational data, and safety risks.
  4. The Crit.IX vulnerabilities in Honeywell's Experion DCS platforms have been identified by researchers, and an attacker would need access to the process control network to exploit these weaknesses.
  5. Government authorities and security researchers are continuing to monitor the threat landscape, with groups like Armis and Dragos highlighting the high-risk potential of such vulnerabilities in critical infrastructure providers, similar to the 2017 Trisis malware attacks.
