Zero day flaws in Honeywell ControlEdge PLC, RTU for critical infrastructure: No patch available

Vulnerability assessment specialists report the discovery of multiple vulnerabilities in ControlEdge PLC and RTU, security products developed by Honeywell. Successful exploitation of these vulnerabilities could allow threat actors to obtain passwords and session tokens.

Honeywell is an American company that produces a wide variety of consumer products, engineering services and aerospace systems for customers ranging from private buyers to large corporations and governments. The company’s solutions are used in areas such as production, energy, wastewater systems, and the chemical industry, among others.

Below is a brief overview of the reported flaws, along with their CVE identifiers and their scores according to the Common Vulnerability Scoring System (CVSS).

CVE-2020-10628: This is a vulnerability involving the transmission of sensitive information in plain text. The affected device exposes unencrypted passwords on the network, which could leave them within reach of hackers, vulnerability analysis experts mentioned.

This vulnerability received a CVSS score of 5.9/10, making it a medium severity issue.

CVE-2020-10624: This is also a vulnerability involving the exposure of sensitive information in plain text; exploiting this flaw would allow threat actors to obtain a session token on the network.

This flaw also received a 5.9/10 score on the CVSS scale.

The vulnerabilities are found in the following versions of ControlEdge PLC and RTU:

  • ControlEdge PLC R130.2, R140, R150 and R151
  • ControlEdge RTU R101, R110, R140, R150 and R151

The flaws were reported by Nikolay Sklyarenko, Kaspersky’s vulnerability analysis specialist.

For its part, the company released a guide to mitigate the risk of exploitation, as at the moment there are no security patches available. Users of affected deployments can find this comprehensive mitigation guide on Honeywell’s official platforms.

The International Institute of Cyber Security (IICS) also recommends that users enable some additional protective measures, such as:

  • Minimize network exposure for all devices or systems in the control system
  • Identify remote networks and devices behind firewalls and isolate them from the enterprise network
  • When remote access is required, use secure methods, such as virtual private networks (VPNs). You should not forget that VPNs can have vulnerabilities and should always be kept up-to-date with their latest versions.

These measures can help system administrators reduce operating risks significantly.