References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Change History

The Honeywell Experion PKS contains an Uninitialized Variable in the common Epic Platform Analyzer (EPA) communications. An attacker could potentially exploit this vulnerability, leading to a Communication Channel Manipulation, which results in a dereferencing of an uninitialized pointer leading to a denial of service.



Honeywell recommends updating to the most recent version of 

Honeywell Experion PKS: 520.2 TCU9 HF1and 530.1 TCU3 HF1. The affected Experion PKS products are 

C300 PCNT02, EHB, EHPM, ELMM, Classic ENIM, ETN, FIM4, FIM8, PGM, and RFIM.  The Experion PKS versions affected are from 520.1 through 520.2 TCU9 and from 530 through 530 TCU3.

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-457

https://process.honeywell.com/