CVE-2016-8344

LOW

Honeywell Experion PKS through 431 - Denial of Service via Crafted Packet

Title source: llm
STIX 2.1

Description

An issue was discovered in Honeywell Experion Process Knowledge System (PKS) platform: Experion PKS, Release 3xx and prior, Experion PKS, Release 400, Experion PKS, Release 410, Experion PKS, Release 430, and Experion PKS, Release 431. Experion PKS does not properly validate input. By sending a specially crafted packet, an attacker could cause the process to terminate. A successful exploit would prevent firmware uploads to the Series-C devices.

References (2)

Core 2
Core References
Mitigation, Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-16-301-01
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/93950

Scores

CVSS v3 3.7
EPSS 0.0155
EPSS Percentile 72.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Details

CWE
CWE-20
Status published
Products (5)
honeywell/experion_process_knowledge_system 410
honeywell/experion_process_knowledge_system 430
honeywell/experion_process_knowledge_system 431
honeywell/experion_process_knowledge_system < 311
n/a/Honeywell Experion PKS through 431 Honeywell Experion PKS through 431
Published Feb 13, 2017
Tracked Since Feb 18, 2026