CVE-2025-33456

CriticalActively Exploited

Honeywell Experion PKS DCS Unauthorized Access

APT-RELATED

CRITICAL INFRASTRUCTURE

9.1

CVSS v3.1 Base Score

Critical severity — Immediate action required

AV: Network AC: LowAuth: None

Critical access control flaw in Honeywell Experion PKS allows unauthorized engineering workstation access. An attacker can modify controller configurations without valid credentials. This has been linked to reconnaissance activity by APT groups. Impact includes safety system override and process manipulation in refinery and chemical environments.

Status

Actively Exploited

Complexity

Low

Auth Required

Initial Access

Experion PKS engineering workstation network interface (TCP/51000-51010)

Threat Actors / APT Groups

BENTONITE

Known Techniques

Direct connection to engineering service bypassing RBAC middleware
Session token replay from captured network traffic
Configuration download via undocumented maintenance API

Published:2025-02-06

Modified:2025-02-11

Vendor:Honeywell

CWE:CWE-284

Improper Access Control

Risk Summary

Overall RiskCritical

ExploitationActively Exploited

DetectionMedium coverage

Detection Rate91%

Rules Available2

CVE-2025-33456

Honeywell Experion PKS DCS Unauthorized Access

CVSS v3.1 Base Score

Executive Summary

Exploitation Context

Technical Vulnerability Breakdown

Full Description

Detection & Rule Intelligence (2 rules)

Rule Effectiveness & Testing Results

OT Risk Assessment

Mitigation & Response Guidance

Recommendations & Tuning Notes

Affected Products

References