Security Updates

Security Updates

  • Add to My Bookmarks
  • SHARE 

CrashOverride/Industroyer Malware

Malware currently referred to as either “CrashOverride”  or “Industroyer” is an industrial control system attack platform that is gaining attention due to the nature of its target platforms in addition to its modular design. The variant currently known to the security industry targets four protocols - IEC101, IEC104, IEC61850 and OPC DA - and is specifically designed to target industrial control systems used in electricity generation. We are actively monitoring threat intelligence platforms to determine potential risk and deterrence mechanisms. Please refer to Honeywell Recommends Steps to Mitigate Threats Posed by Malware below to mitigate threats posed by malicious software agents.

WannaCrypt Ransomware

On May 12, 2017 it was widely reported that many businesses were infected by ransomware. If you have a concern about your Process Control Network, it is recommended that you follow the best practices described on this page under “Honeywell Recommends Steps to Mitigate Threats Posed by Malware,” including installing the latest qualified Windows patches. For more information about this specific ransomware, see the report issued by the United States Computer Emergency Readiness Team (US-CERT) at

WannaCrypt is the one of many names that have gained traction for the ransomware that has had devastating effectiveness in spreading and infecting machines across the globe. It is taking advantage of an SMB exploit within Windows versions starting in Windows Vista (earlier versions may be impacted but they are no longer supported by Microsoft and were omitted from the announcement) and up to and including Windows 10 / Server 2016. Microsoft released a patch for this vulnerability that has been qualified in the SUIT image in the March ISO. McAfee and Symantec have also released emergency Signature (DAT) files that Honeywell has qualified. Customers should immediately:

  1. Ensure they have the latest SUIT patches installed

  2. Ensure they have the most up to date DAT files installed

Malware and Antivirus support

Honeywell supports the use of McAfee and Symantec antivirus packages as part of our industrial control solutions. McAfee and Symantec continuously monitor emerging cyber security threats and update their software to address threats.

Honeywell Recommends Steps to Mitigate Threats Posed by Malware

The following steps are recommended to mitigate threats posed by malicious software agents.
  1. Ensure that your antivirus software is up to date with the latest qualified packages.

  2. Ensure that host platforms are up to date with the latest qualified patches.

  3. Ensure that there are no e-mail clients on any nodes of your process control network.

  4. Use a firewall and DMZ for the business network to process control network interface.

  5. Use Honeywell's High Security Network Architecture to lock down the nodes in your system. 

  6. Restrict and monitor all I/O devices on your process control network. (IE, USB, CD/DVD drives) 

  7. Review the Experion Network and Security Planning Guide for additional guidance on securing your installation.

Additional Security Information

Honeywell Process Solutions publishes Security Notifications in the event that a product has a security vulnerability that has been resolved. Please subscribe to security notifications in order to ensure that your Honeywell products are up-to-date.

To report a security vulnerability against a Honeywell product, please visit

For more information about cyber security products and solutions please visit

National Cybersecurity and Communications Integration Center (NCCIP) Guidance

Honeywell also recommends that customers review the Destructive Malware white paper issued by the National Cybersecurity and Communications Integration Center (NCCIP) at


Finding the information you need is important to us.

Did you find what you were looking for today?

  Yes      No

How likely are you to recommend to a colleague?

  • 0
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10

Not at all likely

Extremely likely

How can we serve you better?

Your email:

Your email address will help us get in touch with you to resolve your query/ concern.