CVE-2016-8344
LOWHoneywell Experion PKS through 431 - Denial of Service via Crafted Packet
Title source: llmDescription
An issue was discovered in Honeywell Experion Process Knowledge System (PKS) platform: Experion PKS, Release 3xx and prior, Experion PKS, Release 400, Experion PKS, Release 410, Experion PKS, Release 430, and Experion PKS, Release 431. Experion PKS does not properly validate input. By sending a specially crafted packet, an attacker could cause the process to terminate. A successful exploit would prevent firmware uploads to the Series-C devices.
References (2)
Core 2
Core References
Mitigation, Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-16-301-01
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/93950
Scores
CVSS v3
3.7
EPSS
0.0155
EPSS Percentile
72.0%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Details
CWE
CWE-20
Status
published
Products (5)
honeywell/experion_process_knowledge_system
410
honeywell/experion_process_knowledge_system
430
honeywell/experion_process_knowledge_system
431
honeywell/experion_process_knowledge_system
< 311
n/a/Honeywell Experion PKS through 431
Honeywell Experion PKS through 431
Published
Feb 13, 2017
Tracked Since
Feb 18, 2026