On the legacy Honeywell server and controllers, these flaws, termed Crit.IX, may permit unauthorised remote code execution. Nine new vulnerabilities in Honeywell Experion DCS platforms have been discovered, according to security researchers from Armis, a cybersecurity company, and Honeywell, an American conglomerate.
According to reports, Armis discovered these holes in the Experion C300 controllers and server in May 2022. Armis then alerted Honeywell about the 13 code errors, which were eventually combined into nine additional vulnerabilities. Seven of the nine vulnerabilities were deemed to be critical. Together, Armis and Honeywell made the decision to look into these revelations and their potential implications.