Input Validation Flaw in Honeywell Experion Process Knowledge System
CVE-2016-8344

3.7LOW

Key Information:

Vendor: Honeywell
Status: Honeywell Experion Pks Through 431
Vendor: CVE Published:; 13 February 2017

What is CVE-2016-8344?

A vulnerability exists in the Honeywell Experion Process Knowledge System (PKS) that arises from improper input validation. Attackers can exploit this flaw by sending specially crafted packets, which may lead to unintended termination of the process. If successfully exploited, this vulnerability could hinder firmware uploads to the Series-C devices, impacting operational functionality.

Affected Version(s)

Honeywell Experion PKS through 431 Honeywell Experion PKS through 431

References

https://ics-cert.us-cert.gov/advisories/ICSA-16-301-01

x_refsource_MISC

http://www.securityfocus.com/bid/93950

vdb-entryx_refsource_BID

CVSS V3.1

Score:

3.7

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 13, 2017
Vulnerability Reserved
Sep 28, 2016