Honeywell Experion LX
Act Now | 9.1 | ICS-CERT ICSA-22-242-07 | Aug 30, 2022
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
A missing access control vulnerability in Honeywell Experion LX allows unauthenticated attackers on the network to manipulate controller configuration and cause denial-of-service conditions. All versions are vulnerable. Honeywell has released firmware updates (R520.1 with secure boot, and R501.6/R511.5/R520 with secure lock functionality) as mitigations, but no complete fix is available for all affected versions.
What this means
What could happen
An attacker could manipulate the configuration of your Experion LX controller or cause it to stop responding, disrupting process monitoring and control across your facility.
Who's at risk
Water treatment, power generation, and any facility using Honeywell Experion LX distributed control systems (DCS) for process automation, including municipal utilities managing critical infrastructure operations.
How it could be exploited
An attacker with network access to the Experion LX could send crafted requests to exploit the lack of proper access controls, allowing them to modify device configuration or trigger a denial-of-service condition that stops the controller from responding to legitimate commands.
Prerequisites
- Network access to Experion LX controller
- No credentials or special configuration required
- Remotely exploitable
- No authentication required
- Low complexity attack
- No complete patch available for all versions
- Affects process control systems
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (1)
Product | Affected Versions | Fix Status
Experion LX: All versions | All versions | No fix (EOL)
Remediation & Mitigation
Do now
HARDENING: Implement firewall rules to limit connections to Experion LX to only authorized engineering and monitoring workstations
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HARDENING: If running Experion LX R520.1 or later, verify secure boot functionality and signed firmware are enabled
HOTFIX: For R501.6, R511.5, or R520: Contact Honeywell support to obtain and deploy the secure lock update, which restricts all firmware downloads to process controllers
Mitigations - no patch available
Experion LX: All versions has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Implement network segmentation to restrict direct network access to Experion LX controllers from untrusted networks or workstations
CVEs (1)