Honeywell INNCOM INNControl 3 (ICSA-20-049-01) – Product Used in the Energy Sector

CISA has published an advisory on an improper privilege management vulnerability in Honeywell INNCOM INNControl 3. Versions 3.21 and prior are affected. Successful exploitation of this vulnerability could allow an attacker to escalate user privileges within the INNControl application. Honeywell encourages users to contact an INNCOM sales representative or authorized systems integrator to obtain information on upgrading their system(s) to the latest version. Honeywell also recommends steps to mitigate the effects of potential vulnerabilities, subject to each user’s individual assessment of the potential impact(s) of the vulnerabilities and/or recommendations on their specific operational building control network environment(s). CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.