SCADA Vulnerabilities & Exposures (SVE)

CRITIFENCE® SCADA Vulnerabilities and Exposures Database (SVE)

[SVE-111880183] Honeywell Experion PKS Improper Input Validation Vulnerability

| Date | Type | Platform | Author | EDB-ID | CVE-ID | OSVDB-ID | Download App | SIS Signature |
|---|---|---|---|---|---|---|---|---|
| 2016-10-27 | SOFTWARE | Honeywell Experion PKS | Honeywell | N/A | CVE-2016-8344 | N/A | N/A | N/A |

Source

#
# Honeywell Experion PKS Improper Input Validation Vulnerability
#


### OVERVIEW

Honeywell reported a denial-of-service condition caused by an improper input validation vulnerability in Honeywell's Experion Process Knowledge System (PKS) platform. Honeywell has produced patches to mitigate this vulnerability.

This vulnerability could be exploited remotely.





### AFFECTED PRODUCTS

The following Experion PKS versions are affected:

- Experion PKS, Release 3xx and prior,
- Experion PKS, Release 400,
- Experion PKS, Release 410,
- Experion PKS, Release 430, and
- Experion PKS, Release 431




### IMPACT

Successful exploitation of the vulnerability would prevent the Experion PKS client tools from uploading firmware to Series-C devices.

Impact to individual organizations depends on many factors that are unique to each organization. NCCIC/ICS-CERT recommends that organizations evaluate the impact of this vulnerability based on their operational environment, architecture, and product implementation.





### BACKGROUND

Honeywell is a US-based company that maintains offices worldwide.

The affected product, Experion PKS, is a client tool used to configure firmware in Series-C devices. According to Honeywell, Experion PKS is deployed across several sectors including Commercial Facilities, Critical Manufacturing, Energy, Water and Wastewater Systems, and others. Honeywell estimates that this product is used primarily in the United States and Europe with a small percentage in Asia.





### VULNERABILITY CHARACTERIZATION


# VULNERABILITY OVERVIEW


IMPROPER INPUT VALIDATION

Experion PKS does not properly validate input. By sending a specially crafted packet, an attacker could cause the process to terminate. A successful exploit would prevent firmware uploads to the Series-C devices.
CVE-2016-8344 has been assigned to this vulnerability. A CVSS v3 base score of 3.7 has been assigned; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).





### VULNERABILITY DETAILS


# EXPLOITABILITY

This vulnerability could be exploited remotely.


# EXISTENCE OF EXPLOIT

No known public exploits specifically target this vulnerability.


# DIFFICULTY

An attacker with medium skill would be able to exploit this vulnerability.




### MITIGATION

Honeywell recommends that Experion users download and apply the appropriate patch to protect themselves from this vulnerability.

Honeywell's software downloads that resolve the vulnerability include the following:

- R400.8 HOTFIX1,
- R410.8 HOTFIX6,
- R430.5 HOTFIX1, and
- R431.2 HOTFIX2

In the event that a patch is not yet available for a current Experion release, Honeywell recommends users either isolate the network traffic when using the client tools (eNAP Server service) or turn the eNAP Server service off when not uploading new firmware until a patch is available.


Users can contact Honeywell technical support for registration and installation instructions for these patches at the following URLs:

https://www.honeywellprocess.com/en-US/support/pages/request-support.aspx
https://www.honeywellprocess.com/en-US/contact-us/pages/default.aspx