PT-2023-3882 · Honeywell · Honeywell Experion PKS (+2 more products)

Published: 2023-07-13 · Updated: 2024-04-22 · CVE-2023-25948

CVSS v2.0 score: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

Honeywell Experion PKS (affected versions not specified)
Honeywell Experion LX (affected versions not specified)
Experion PlantCruise (affected versions not specified)
Description

The server leaks configuration data when it generates an error in response to a specially crafted message. The root cause is insufficient validation of return values in the software of the Honeywell Experion PKS, Experion LX, and Experion PlantCruise programmable logic controllers and distributed control systems. A remote attacker who exploits this issue may impact the confidentiality, integrity, and availability of protected information.
Recommendations

For Honeywell Experion PKS, consider upgrading to a version that addresses the issue, following the recommendations in the Honeywell Security Notification.
For Honeywell Experion LX, consider upgrading to a version that addresses the issue, following the recommendations in the Honeywell Security Notification.
For Experion PlantCruise, consider upgrading to a version that addresses the issue, following the recommendations in the Honeywell Security Notification.
As a temporary workaround, consider restricting access to error messages and configuration data to minimize the risk of exploitation.

Fix

Weakness Enumeration

Generation of Error Message Containing Sensitive Information

Related Identifiers

BDU:2023-04174
CVE-2023-25948

Affected Products

Experion PlantCruise
Honeywell Experion LX
Honeywell Experion PKS