Sign-up

ID

VAR-201702-0294


CVE

CVE-2016-8344


TITLE

Honeywell Experion PKS Denial of service vulnerability

Trust: 1.4

sources: IVD: cd260ec9-6ff7-40bb-ada7-11c2f4aab393 // CNVD: CNVD-2016-10607 // CNNVD: CNNVD-201610-859

DESCRIPTION

An issue was discovered in Honeywell Experion Process Knowledge System (PKS) platform: Experion PKS, Release 3xx and prior, Experion PKS, Release 400, Experion PKS, Release 410, Experion PKS, Release 430, and Experion PKS, Release 431. Experion PKS does not properly validate input. By sending a specially crafted packet, an attacker could cause the process to terminate. A successful exploit would prevent firmware uploads to the Series-C devices. Honeywell EPKS is used in the automation and control of industrial and production processes and is a distributed control system solution, including a web-based SCADA system. Honeywell Experion PKS has a denial of service vulnerability. An attacker could exploit this vulnerability to trigger a denial of service attack

Trust: 2.61

sources: NVD: CVE-2016-8344 // JVNDB: JVNDB-2016-007989 // CNVD: CNVD-2016-10607 // BID: 93950 // IVD: cd260ec9-6ff7-40bb-ada7-11c2f4aab393

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: cd260ec9-6ff7-40bb-ada7-11c2f4aab393 // CNVD: CNVD-2016-10607

AFFECTED PRODUCTS

vendor:honeywellmodel:experion process knowledge systemscope:eqversion:430

Trust: 1.6

vendor:honeywellmodel:experion process knowledge systemscope:eqversion:410

Trust: 1.6

vendor:honeywellmodel:experion process knowledge systemscope:eqversion:431

Trust: 1.6

vendor:honeywellmodel:experion process knowledge systemscope:lteversion:311

Trust: 1.0

vendor:honeywellmodel:experion process knowledge systemscope:lteversion:411

Trust: 1.0

vendor:honeywellmodel:experion process knowledge systemscope:ltversion:(pks) release 3xx

Trust: 0.8

vendor:honeywellmodel:experion process knowledge systemscope:eqversion:(pks) release 400

Trust: 0.8

vendor:honeywellmodel:experion process knowledge systemscope:eqversion:(pks) release 410

Trust: 0.8

vendor:honeywellmodel:experion process knowledge systemscope:eqversion:(pks) release 430

Trust: 0.8

vendor:honeywellmodel:experion process knowledge systemscope:eqversion:(pks) release 431

Trust: 0.8

vendor:honeywellmodel:experion pks <=releasescope:eqversion:3xx

Trust: 0.6

vendor:honeywellmodel:experion pks releasescope:eqversion:400

Trust: 0.6

vendor:honeywellmodel:experion pks releasescope:eqversion:410

Trust: 0.6

vendor:honeywellmodel:experion pks releasescope:eqversion:430

Trust: 0.6

vendor:honeywellmodel:experion pks releasescope:eqversion:431

Trust: 0.6

vendor:honeywellmodel:experion process knowledge systemscope:eqversion:400

Trust: 0.6

vendor:honeywellmodel:experion process knowledge systemscope:eqversion:311

Trust: 0.6

vendor:experion process knowledge systemmodel: - scope:eqversion:*

Trust: 0.4

vendor:honeywellmodel:experion pks r431scope: - version: -

Trust: 0.3

vendor:honeywellmodel:experion pks r430scope: - version: -

Trust: 0.3

vendor:honeywellmodel:experion pks r410scope: - version: -

Trust: 0.3

vendor:honeywellmodel:experion pks r400scope: - version: -

Trust: 0.3

vendor:honeywellmodel:experion pks r300scope: - version: -

Trust: 0.3

vendor:honeywellmodel:experion pks r431.2 hotfix2scope:neversion: -

Trust: 0.3

vendor:honeywellmodel:experion pks r430.5 hotfix1scope:neversion: -

Trust: 0.3

vendor:honeywellmodel:experion pks r410.8 hotfix6scope:neversion: -

Trust: 0.3

vendor:honeywellmodel:experion pks r400.8 hotfix1scope:neversion: -

Trust: 0.3

vendor:experion process knowledge systemmodel: - scope:eqversion:410

Trust: 0.2

vendor:experion process knowledge systemmodel: - scope:eqversion:430

Trust: 0.2

vendor:experion process knowledge systemmodel: - scope:eqversion:431

Trust: 0.2

sources: IVD: cd260ec9-6ff7-40bb-ada7-11c2f4aab393 // CNVD: CNVD-2016-10607 // BID: 93950 // JVNDB: JVNDB-2016-007989 // CNNVD: CNNVD-201610-859 // NVD: CVE-2016-8344

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-8344
value: LOW

Trust: 1.0

NVD: CVE-2016-8344
value: LOW

Trust: 0.8

CNVD: CNVD-2016-10607
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201610-859
value: LOW

Trust: 0.6

IVD: cd260ec9-6ff7-40bb-ada7-11c2f4aab393
value: LOW

Trust: 0.2

nvd@nist.gov: CVE-2016-8344
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-10607
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: cd260ec9-6ff7-40bb-ada7-11c2f4aab393
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2016-8344
baseSeverity: LOW
baseScore: 3.7
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 2.2
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: IVD: cd260ec9-6ff7-40bb-ada7-11c2f4aab393 // CNVD: CNVD-2016-10607 // JVNDB: JVNDB-2016-007989 // CNNVD: CNNVD-201610-859 // NVD: CVE-2016-8344

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2016-007989 // NVD: CVE-2016-8344

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201610-859

TYPE

Input validation error

Trust: 1.1

sources: IVD: cd260ec9-6ff7-40bb-ada7-11c2f4aab393 // BID: 93950 // CNNVD: CNNVD-201610-859

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-007989

PATCH
title:Experion PKSurl:https://www.honeywellprocess.com/en-US/explore/products/control-monitoring-and-safety-systems/integrated-control-and-safety-systems/experion-pks/pages/default.aspx
Trust: 0.8
title:Honeywell Experion PKS Denial of Service Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/83481
Trust: 0.6
title:Honeywell Experion PKS Remediation measures for denial of service vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65181
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2016-10607 // 
            
            
            
            JVNDB: JVNDB-2016-007989 // 
            
            
            
            CNNVD: CNNVD-201610-859

EXTERNAL IDS
db:NVDid:CVE-2016-8344
Trust: 3.5
db:ICS CERTid:ICSA-16-301-01
Trust: 2.7
db:BIDid:93950
Trust: 2.5
db:CNVDid:CNVD-2016-10607
Trust: 0.8
db:CNNVDid:CNNVD-201610-859
Trust: 0.8
db:JVNDBid:JVNDB-2016-007989
Trust: 0.8
db:IVDid:CD260EC9-6FF7-40BB-ADA7-11C2F4AAB393
Trust: 0.2
sources:
            
            
            IVD: cd260ec9-6ff7-40bb-ada7-11c2f4aab393 // 
            
            
            
            CNVD: CNVD-2016-10607 // 
            
            
            
            BID: 93950 // 
            
            
            
            JVNDB: JVNDB-2016-007989 // 
            
            
            
            CNNVD: CNNVD-201610-859 // 
            
            
            
            NVD: CVE-2016-8344

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-16-301-01
Trust: 2.7
url:http://www.securityfocus.com/bid/93950
Trust: 2.2
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8344
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2016-8344
Trust: 0.8
url:http://www.security.honeywell.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2016-10607 // 
            
            
            
            BID: 93950 // 
            
            
            
            JVNDB: JVNDB-2016-007989 // 
            
            
            
            CNNVD: CNNVD-201610-859 // 
            
            
            
            NVD: CVE-2016-8344

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 93950

SOURCES
db:IVDid:cd260ec9-6ff7-40bb-ada7-11c2f4aab393
db:CNVDid:CNVD-2016-10607
db:BIDid:93950
db:JVNDBid:JVNDB-2016-007989
db:CNNVDid:CNNVD-201610-859
db:NVDid:CVE-2016-8344

LAST UPDATE DATE
2025-04-20T23:36:57.647000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2016-10607date:2016-11-04T00:00:00
db:BIDid:93950date:2016-11-24T07:04:00
db:JVNDBid:JVNDB-2016-007989date:2017-04-05T00:00:00
db:CNNVDid:CNNVD-201610-859date:2019-04-19T00:00:00
db:NVDid:CVE-2016-8344date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:IVDid:cd260ec9-6ff7-40bb-ada7-11c2f4aab393date:2016-11-04T00:00:00
db:CNVDid:CNVD-2016-10607date:2016-11-04T00:00:00
db:BIDid:93950date:2016-10-27T00:00:00
db:JVNDBid:JVNDB-2016-007989date:2017-04-05T00:00:00
db:CNNVDid:CNNVD-201610-859date:2016-10-31T00:00:00
db:NVDid:CVE-2016-8344date:2017-02-13T21:59:00.610