Security flaws in Honeywell devices could be used to disrupt critical industries
Reading Time: 2 minutesSecurity researchers have discovered numerous vulnerabilities in Honeywell devices used in critical industries that could, if exploited, allow hackers to cause physical disruption and potentially impact the safety of human lives.
Researchers at Armis, a cybersecurity company specializing in asset security, uncovered nine vulnerabilities in Honeywell’s Experion distributed control system (DCS) products. These are digital automated industrial control systems that are used to control large industrial processes across critical industries — like energy and pharmaceutical — where high availability and continuous operations are critical.
The vulnerabilities, seven of which have been given a critical-severity rating, could allow for an attacker to remotely run unauthorized code on both the Honeywell server and controllers, according to Armis. An attacker would need network access to exploit the flaws, which can be gained by compromising a device within a network, from a laptop to a vending machine. However, the bugs allow for unauthenticated access, which means an attacker wouldn’t need to log into the controller in order to exploit it.
Simpson said that the nature of the bugs mean that an attacker can hide these changes from the engineering workstation that manages the DCS controller. ‘Imagine you have an operator with all the displays controlling the information from the plant, in this environment, everything is fine,’ he added. ‘When it comes to down below in the plant, everything is essentially on fire.’
This is particularly problematic for the oil and gas mining industry, Armis says, where Honeywell DCS systems operate. Honeywell customers include energy giant Shell, U.S. government agencies including the Department of Defense and NASA, and research-based biopharmaceutical company AstraZeneca, according to Honeywell’s website.
‘If you’re able to disrupt critical infrastructure, you’re able to disrupt a country’s ability to operate in many different ways,’ Simpson said. ‘Recovering from this would also be a nightmare. If you look at the pervasiveness of this type of attack, coupled with the lack of cyber awareness about this ecosystem, it could cost organizations millions of dollar per hour to rebuild.’
When reached for comment, Honeywell spokesperson Caitlin E. Leopold said: ‘We have been working with ARMIS on this issue as part of a responsible disclosure process. We have released patches to resolve the vulnerability and notified impacted customers. There are no known exploits of this vulnerability at this time. Experion C300 owners should continue to isolate and monitor their process control network and apply available patches as soon as possible.’
Ref: techcrunch
MediaDownloader.net -> Free Online Video Downloader, Download Any Video From YouTube, VK, Vimeo, Twitter, Twitch, Tumblr, Tiktok, Telegram, TED, Streamable, Soundcloud, Snapchat, Share, Rumble, Reddit, PuhuTV, Pinterest, Periscope, Ok.ru, MxTakatak, Mixcloud, Mashable, LinkedIn, Likee, Kwai, Izlesene, Instagram, Imgur, IMDB, Ifunny, Gaana, Flickr, Febspot, Facebook, ESPN, Douyin, Dailymotion, Buzzfeed, BluTV, Blogger, Bitchute, Bilibili, Bandcamp, Akıllı, 9GAG