Honeywell Experion LX Vulnerability

Key Information

CVSS v3 Score: 9.1
Attention: Exploitable remotely/low attack complexity
Vendor: Honeywell
Equipment: Experion LX
Vulnerability: Missing Authentication for Critical Function (CWE-306)

Risk Evaluation

Successful exploitation of this vulnerability could allow for configuration manipulation and a denial-of-service condition.

Technical Details

Affected Products: All versions of Experion LX
Vulnerability Overview: The affected product uses the EpicMo protocol without authentication features, allowing attackers to manipulate firmware or cause a denial-of-service.
CVE Identifier: CVE-2022-30317

Background

Critical Infrastructure Sectors: Multiple
Deployment: Worldwide
Company Location: United States

Researcher

Reported by Daniel dos Santos and Jos Wetzels from Forescout Technologies.

Mitigations

Experion LX R520.1 includes secure boot and signed firmware. R501.6, R511.5, and R520 releases incorporate secure lock functionality.

Additional guidance and resources are available on the CISA website.