Honeywell Experion Process Knowledge System C200, C200E, C300, ACE controllers could be exploited to achieve remote code execution and denial-of-service (DoS) conditions. Honeywell has incorporated additional security enhancements by cryptographically signing each CCL binary that’s validated prior to its use. The issues hinge on the download code procedure that’s essential to program the logic running in the controller, thus enabling an attacker to mimic the process and upload arbitrary CLL binary files. Users urged to update or patch as soon as possible in order to mitigate these vulnerabilities fully.”]
Source: https://thehackernews.com/2021/10/multiple-critical-flaws-discovered-in.html