PT-2023-3881 · Honeywell · Honeywell Experion PKS (+2)

Published: 2023-07-13 · Updated: 2024-04-22 · CVE-2023-26597

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions

Honeywell Experion PKS (affected versions not specified)
Honeywell Experion LX (affected versions not specified)
Honeywell Experion PlantCruise (affected versions not specified)
Description

The vulnerability is a buffer overflow in the controller's handling of a specially crafted message, which can cause a denial of service (DoS). It is also associated with improper clearing or release of resources in the programmable logic controller software. An attacker can exploit the vulnerability remotely, leading to a denial of service.
Recommendations

For Honeywell Experion PKS, Honeywell Experion LX and Honeywell Experion PlantCruise, refer to the Honeywell Security Notification for upgrade and version recommendations. As a temporary workaround until a patch is available, consider disabling the handling of the affected messages where that is operationally possible, and restrict network access to the vulnerable controller to minimize the risk of exploitation.

Weakness Enumeration

Resource Exhaustion
Memory Corruption

Related Identifiers

BDU:2023-04173
CVE-2023-26597

Affected Products

Honeywell Experion LX
Honeywell Experion PKS
Honeywell Experion PlantCruise