References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Change History

The Honeywell Experion PKS contains an Integer Underflow 

vulnerability 

in the component Control Data Access (CDA). An attacker could potentially exploit this vulnerability, leading to 

Input Data Manipulation, which could result in improper integer data value checking during subtraction leading to a denial of service.



Honeywell recommends updating to the most recent version of Honeywell Experion PKS:520.2 TCU9 HF1 and 530.1 TCU3 HF1.

The affected Experion PKS products are C300 PCNT02, C300 PCNT05, FIM4, FIM8, UOC, CN100, HCA, C300PM, and C200E.  The Experion PKS versions affected are from 520.1 through 520.2 TCU9 and from 530 through 530 TCU3.

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

CWE-191

https://process.honeywell.com/