OTPulse

Honeywell HMIWeb Browser Buffer Overflow Vulnerability

Risk: Low | ICS-CERT ICSA-12-150-01 | Mar 2, 2012
Summary

A buffer overflow vulnerability exists in the HMIWeb browser component used in Honeywell Process Solutions Experion, Building Solutions Enterprise Building Manager, and Environmental Combustion & Controls. The affected versions are Experion R400.x, R31x, R30x, and R2xx; Enterprise Building Manager R400 and R410.1; and SymmetrE R410.1. An attacker with network access to the HMIWeb interface could send a specially crafted request that overflows a buffer and executes arbitrary code on the host system. No vendor patch is available for any affected product line.

What this means
What could happen
A buffer overflow in the HMIWeb browser could allow an attacker with network access to execute code on the host system, potentially disrupting process monitoring, control commands, or alarming functions in industrial facilities.
Who's at risk
Manufacturing facilities using Honeywell Process Solutions Experion, Building Solutions Enterprise Building Manager, or Environmental Combustion & Controls systems rely on HMIWeb for remote monitoring and control. Plant operators, control room staff, and system administrators who depend on these interfaces are affected.
How it could be exploited
An attacker on the network sends a malformed request to the HMIWeb browser interface that overflows a buffer in memory, allowing arbitrary code execution. This could occur through a crafted HTTP request or similar input vector targeting the web interface.
Prerequisites
  • Network access to the HMIWeb browser interface (typically port 80 or 443)
  • No authentication required to trigger the vulnerability
No patch available · Buffer overflow vulnerability (memory corruption) · Remote code execution potential · Low EPSS score but unfixed legacy systems
Exploitability
Moderate exploit probability (EPSS 2.6%)
Affected products (3)
1 pending, 2 EOL
Product (identifier): affected versions; fix status
  • Environmental Combustion & Controls (SymmetrE_R410.1): SymmetrE R410.1; no fix yet
  • Process Solutions Experion (R400.x|R31x|R30x|R2xx): R400.x, R31x, R30x, R2xx; no fix (EOL)
  • Building Solutions Enterprise Building Manager (R400|R410.1|R410.1): R400, R410.1; no fix (EOL)
Remediation & Mitigation
Do now
HARDENING: Restrict network access to HMIWeb browser interfaces to authorized engineering and operations staff only, using host-based or network firewall rules
WORKAROUND: Disable HMIWeb browser functionality if not actively required for operations
Mitigations - no patch available
The following products have reached End of Life with no planned fix: Process Solutions Experion: R400.x|R31x|R30x|R2xx, Building Solutions Enterprise Building Manager: R400|R410.1|R410.1. Apply the following compensating controls:
HARDENING: Implement network segmentation to isolate affected control systems from untrusted networks and the internet
HARDENING: Monitor HMIWeb logs for suspicious requests or unusual access patterns
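As an added, defender-side illustration of the two compensating controls above (not code from OTPulse, ICS-CERT or Honeywell), the following script scans web-server access logs for requests from outside an authorized subnet and for oversized or oddly formed request lines of the kind an overflow attempt against a web interface would leave behind. It assumes HMIWeb is fronted by IIS writing W3C extended logs; the field order, the 10.20.0.0/24 allow-list, the thresholds and the sample log lines are all constructed assumptions.

```python
import ipaddress
import re
from urllib.parse import unquote

# Assumed log format: IIS W3C extended fields in this order (an assumption,
# not taken from the advisory); adjust FIELDS to match the #Fields: header.
FIELDS = ["date", "time", "c-ip", "cs-method", "cs-uri-stem", "cs-uri-query", "sc-status"]
# Constructed allow-list of engineering/operations subnets (placeholder value).
AUTHORIZED = [ipaddress.ip_network("10.20.0.0/24")]
MAX_URI_LEN = 512  # stem+query bytes after decoding; tune to the site's baseline

def parse_w3c(line):
    """Return a field dict for a data line, or None for comment/blank/short lines."""
    if not line.strip() or line.startswith("#"):
        return None
    parts = line.split()
    return dict(zip(FIELDS, parts)) if len(parts) == len(FIELDS) else None

def assess(entry):
    """Return the reasons a request looks suspicious (empty list if none)."""
    reasons = []
    src = ipaddress.ip_address(entry["c-ip"])
    if not any(src in net for net in AUTHORIZED):
        reasons.append("source outside authorized subnets")
    query = "" if entry["cs-uri-query"] == "-" else entry["cs-uri-query"]
    raw = unquote(entry["cs-uri-stem"] + query)
    if len(raw) > MAX_URI_LEN:
        reasons.append(f"oversized request ({len(raw)} bytes after decoding)")
    if re.search(r"(.)\1{63,}", raw):  # long runs of one byte are typical of overflow probing
        reasons.append("long repeated-byte run")
    if any(ord(ch) < 32 or ord(ch) > 126 for ch in raw):
        reasons.append("non-printable bytes in request")
    return reasons

def scan(lines):
    """Return [(entry, reasons)] for every data line that raised at least one reason."""
    hits = []
    for line in lines:
        entry = parse_w3c(line)
        if entry and (reasons := assess(entry)):
            hits.append((entry, reasons))
    return hits

# Constructed sample log lines (not captured from any real HMIWeb host).
SAMPLE_LOG = [
    "#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status",
    "2012-03-02 10:00:01 10.20.0.15 GET /HMIWeb/display.htm - 200",
    "2012-03-02 10:00:07 192.0.2.44 GET /HMIWeb/display.htm " + "A" * 900 + " 500",
]
```

Running `scan(SAMPLE_LOG)` flags only the second data line, for an unauthorized source, an oversized decoded request and a long repeated-byte run; feed it the real log file line by line instead of SAMPLE_LOG.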