PT-2023-3878 · Honeywell · Honeywell Experion Pks+2

Published: 2023-07-13 · Updated: 2024-04-22 · CVE-2023-25178

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Honeywell Experion PKS (affected versions not specified)
Honeywell Experion LX (affected versions not specified)
Experion PlantCruise (affected versions not specified)

Description

The issue is related to insufficient data authentication in the software of Honeywell Experion PKS, Experion LX, and Experion PlantCruise. This could allow a remote attacker to gain unauthorized access to protected information. The vulnerability may also enable remote code execution if the controller is loaded with malicious firmware.

Recommendations

For Honeywell Experion PKS, refer to the Honeywell Security Notification for recommendations on upgrading and versioning.
For Honeywell Experion LX, refer to the Honeywell Security Notification for recommendations on upgrading and versioning.
For Experion PlantCruise, refer to the Honeywell Security Notification for recommendations on upgrading and versioning.

As a temporary workaround, consider restricting access to the controllers to minimize the risk of exploitation.

Fix

Weakness Enumeration

Insufficient Verification of Data Authenticity

Related Identifiers

BDU:2023-04170
CVE-2023-25178

Affected Products

Experion Plantcruise
Honeywell Experion Lx
Honeywell Experion Pks