So, back in November, Russian researchers dropped a load of ICS vulnerabilities. 25 in all. Honeywell seems to keep a pretty tight lip on the details. Maybe Positive Technologies, who discovered them, will shed more light on what’s really going on here.
At any rate, looking through what details are public, Critical Intelligence realized that Honeywell reportedly released a patch for the vulnerabilities as far back of June 2014.
Well, in case you didn’t know, one of the other awesome things that Critical intelligence does is monitor for patches and new product releases for control systems software.
And guess what? Critical Intelligence included information about those patches in its June 5, 2014 report. So, if you had been subscribed to the Core ICS Intelligence service, and were running Honeywell Experion, you would have known about the availability of these patches six months ago. I think that’s pretty cool. What other group/firm has done that for its customers for five years?