CVE-2016-8344 MEDIUM

Published: 2017-02-13 | Last Modified: 2026-06-17 | Status: Modified

Description

An issue was discovered in Honeywell Experion Process Knowledge System (PKS) platform: Experion PKS, Release 3xx and prior, Experion PKS, Release 400, Experion PKS, Release 410, Experion PKS, Release 430, and Experion PKS, Release 431. Experion PKS does not properly validate input. By sending a specially crafted packet, an attacker could cause the process to terminate. A successful exploit would prevent firmware uploads to the Series-C devices.

Additional Descriptions (1)

Ha sido descubierto un problema en la plataforma Honeywell Experion Process Knowledge System (PKS): Experion PKS, Release 3xx y versiones anteriores, Experion PKS, Release 400, Experion PKS, Release 410, Experion PKS, Release 430 y Experion PKS, Release 431. Experion PKS No valida adecuadamente la entrada. Enviando un paquete especialmente manipulado, un atacante podría provocar que el proceso termine. Una explotación exitosa impediría cargas de firmware a los dispositivos de la Serie C.

CVSS Metrics

Base Score: 4.3 (MEDIUM)

AV:N/AC:M/Au:N/C:N/I:N/A:P

Access Vector	NETWORK
Access Complexity	MEDIUM
Authentication	NONE
Confidentiality Impact	NONE
Integrity Impact	NONE
Availability Impact	PARTIAL

Source: [email protected]

Type: Primary

Exploitability Score: 8.6

Impact Score: 2.9

Weaknesses

Source	Type	Description
[email protected]	Primary	en CWE-20

Affected Products

Vendor	Product	Version	Update	Type
honeywell	experion_process_knowledge_system	*	<built-in method update of dict object at 0x7c3c40dd6180>	Application
honeywell	experion_process_knowledge_system	410	<built-in method update of dict object at 0x7c3bf3a1d300>	Application
honeywell	experion_process_knowledge_system	430	<built-in method update of dict object at 0x7c3c476bcfc0>	Application
honeywell	experion_process_knowledge_system	431	<built-in method update of dict object at 0x7c3c40dd4ac0>	Application
honeywell	experion_process_knowledge_system	*	<built-in method update of dict object at 0x7c3c40dd4380>	Application

Affected Configurations

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:a:honeywell:experion_process_knowledge_system::::::::`
Yes	`cpe:2.3:a:honeywell:experion_process_knowledge_system:410:::::::*`
Yes	`cpe:2.3:a:honeywell:experion_process_knowledge_system:430:::::::*`
Yes	`cpe:2.3:a:honeywell:experion_process_knowledge_system:431:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:a:honeywell:experion_process_knowledge_system::::::::`

References

http://www.securityfocus.com/bid/93950
Source: [email protected]

Third Party Advisory VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-16-301-01
Source: [email protected]

Mitigation Third Party Advisory US Government Resource
http://www.securityfocus.com/bid/93950
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-16-301-01
Source: af854a3a-2127-422b-91ae-364da2661108

Mitigation Third Party Advisory US Government Resource