Tag: Honeywell Experion

Critical Security Flaws Uncovered in Honeywell Experion DCS and QuickBlox Services
News

Critical Security Flaws Uncovered in Honeywell Experion DCS and QuickBlox Services

The Honeywell Experion distributed control system (DCS) and QuickBlox, among other services, have a number of security flaws that, if successfully exploited, might seriously damage the affected systems. The nine vulnerabilities in the Honeywell Experion DCS platform, collectively known as Crit.IX, allow for "unauthorized remote code execution, which means an attacker would have the power to take over the devices and alter the operation of the DCS controller, whilst also hiding the alterations from the engineering workstation that manages the controller," Armis said in a statement provided to The Hacker News. To put it another way, the problems stem from Control Data Access (CDA), a proprietary protocol used to connect Experion Servers and C300 controllers, not having sufficient encr...