Description:

Honeywell has released a security alert to address several vulnerabilities in the following products:

• ControlEdge: All versions prior to 151.2
• Experion LX: All versions
• IQ Series Controllers that utilize Inter-Controller (IC) protocol: All versions

Threats:

Attacker could exploit these vulnerabilities by doing the following:

• Denial of service attack (DoS)
• Execute arbitrary code -remotely

Best practice and Recommendations:

The CERT team recommends the following:

• Honeywell has fixed the reported issue of ControlEdge; users are advised to upgrade to version 151.2 or later.
• Experion LX R520.1 incorporates secure boot functionality and signed firmware images.
• LX R501.6, R511.5 and R520 releases have an update to incorporate the secure lock functionality. Secure lock restricts all firmware downloads to process controllers while the lock is invoked.
• Honeywell recommends users with IQ Series Controllers products take the following steps:
  • Procure and utilize currently supported hardware through reputable supply channels.
  • Apply product updates as available.
  • Follow guidance in the product security manual to ensure isolation of network segments upon which building automation controllers reside.
  • Ensure adequate security controls are in place between OT and IT network segments.
  • Disable unnecessary accounts and services.
  • Restrict system access to authorized personnel only and follow a least privilege approach.
  • Apply defense-in-depth strategies.
  • Log and monitor network traffic for suspicious activity.