CVE-2016-8344

low-risk
Published 2017-02-13

An issue was discovered in Honeywell Experion Process Knowledge System (PKS) platform: Experion PKS, Release 3xx and prior, Experion PKS, Release 400, Experion PKS, Release 410, Experion PKS, Release 430, and Experion PKS, Release 431. Experion PKS does not properly validate input. By sending a specially crafted packet, an attacker could cause the process to terminate. A successful exploit would prevent firmware uploads to the Series-C devices.

Do I need to act?

-
0.94% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
3
CVSS 3.7/10 Low
NETWORK / HIGH complexity

Affected Products (4)

Experion Process Knowledge System
Experion Process Knowledge System
Experion Process Knowledge System
Experion Process Knowledge System

Affected Vendors

Honeywell

References (4)

Third Party Advisory http://www.securityfocus.com/bid/93950
Mitigation https://ics-cert.us-cert.gov/advisories/ICSA-16-301-01
Third Party Advisory http://www.securityfocus.com/bid/93950
Mitigation https://ics-cert.us-cert.gov/advisories/ICSA-16-301-01
26
/ 100
low-risk
Severity 13/34 · Low
Exploitability 3/34 · Minimal
Exposure 10/34 · Low