var-201702-0294
Vulnerability from variot
An issue was discovered in Honeywell Experion Process Knowledge System (PKS) platform: Experion PKS, Release 3xx and prior, Experion PKS, Release 400, Experion PKS, Release 410, Experion PKS, Release 430, and Experion PKS, Release 431. Experion PKS does not properly validate input. By sending a specially crafted packet, an attacker could cause the process to terminate. A successful exploit would prevent firmware uploads to the Series-C devices. Honeywell EPKS is used in the automation and control of industrial and production processes and is a distributed control system solution, including a web-based SCADA system. Honeywell Experion PKS has a denial of service vulnerability. An attacker could exploit this vulnerability to trigger a denial of service attack
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201702-0294",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "experion process knowledge system",
"scope": "eq",
"trust": 1.6,
"vendor": "honeywell",
"version": "430"
},
{
"model": "experion process knowledge system",
"scope": "eq",
"trust": 1.6,
"vendor": "honeywell",
"version": "410"
},
{
"model": "experion process knowledge system",
"scope": "eq",
"trust": 1.6,
"vendor": "honeywell",
"version": "431"
},
{
"model": "experion process knowledge system",
"scope": "lte",
"trust": 1.0,
"vendor": "honeywell",
"version": "311"
},
{
"model": "experion process knowledge system",
"scope": "lte",
"trust": 1.0,
"vendor": "honeywell",
"version": "411"
},
{
"model": "experion process knowledge system",
"scope": "lt",
"trust": 0.8,
"vendor": "honeywell",
"version": "(pks) release 3xx"
},
{
"model": "experion process knowledge system",
"scope": "eq",
"trust": 0.8,
"vendor": "honeywell",
"version": "(pks) release 400"
},
{
"model": "experion process knowledge system",
"scope": "eq",
"trust": 0.8,
"vendor": "honeywell",
"version": "(pks) release 410"
},
{
"model": "experion process knowledge system",
"scope": "eq",
"trust": 0.8,
"vendor": "honeywell",
"version": "(pks) release 430"
},
{
"model": "experion process knowledge system",
"scope": "eq",
"trust": 0.8,
"vendor": "honeywell",
"version": "(pks) release 431"
},
{
"model": "experion pks \u003c=release",
"scope": "eq",
"trust": 0.6,
"vendor": "honeywell",
"version": "3xx"
},
{
"model": "experion pks release",
"scope": "eq",
"trust": 0.6,
"vendor": "honeywell",
"version": "400"
},
{
"model": "experion pks release",
"scope": "eq",
"trust": 0.6,
"vendor": "honeywell",
"version": "410"
},
{
"model": "experion pks release",
"scope": "eq",
"trust": 0.6,
"vendor": "honeywell",
"version": "430"
},
{
"model": "experion pks release",
"scope": "eq",
"trust": 0.6,
"vendor": "honeywell",
"version": "431"
},
{
"model": "experion process knowledge system",
"scope": "eq",
"trust": 0.6,
"vendor": "honeywell",
"version": "400"
},
{
"model": "experion process knowledge system",
"scope": "eq",
"trust": 0.6,
"vendor": "honeywell",
"version": "311"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "experion process knowledge system",
"version": "*"
},
{
"model": "experion pks r431",
"scope": null,
"trust": 0.3,
"vendor": "honeywell",
"version": null
},
{
"model": "experion pks r430",
"scope": null,
"trust": 0.3,
"vendor": "honeywell",
"version": null
},
{
"model": "experion pks r410",
"scope": null,
"trust": 0.3,
"vendor": "honeywell",
"version": null
},
{
"model": "experion pks r400",
"scope": null,
"trust": 0.3,
"vendor": "honeywell",
"version": null
},
{
"model": "experion pks r300",
"scope": null,
"trust": 0.3,
"vendor": "honeywell",
"version": null
},
{
"model": "experion pks r431.2 hotfix2",
"scope": "ne",
"trust": 0.3,
"vendor": "honeywell",
"version": null
},
{
"model": "experion pks r430.5 hotfix1",
"scope": "ne",
"trust": 0.3,
"vendor": "honeywell",
"version": null
},
{
"model": "experion pks r410.8 hotfix6",
"scope": "ne",
"trust": 0.3,
"vendor": "honeywell",
"version": null
},
{
"model": "experion pks r400.8 hotfix1",
"scope": "ne",
"trust": 0.3,
"vendor": "honeywell",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "experion process knowledge system",
"version": "410"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "experion process knowledge system",
"version": "430"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "experion process knowledge system",
"version": "431"
}
],
"sources": [
{
"db": "IVD",
"id": "cd260ec9-6ff7-40bb-ada7-11c2f4aab393"
},
{
"db": "CNVD",
"id": "CNVD-2016-10607"
},
{
"db": "BID",
"id": "93950"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007989"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-859"
},
{
"db": "NVD",
"id": "CVE-2016-8344"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:honeywell:experion_process_knowledge_system",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007989"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "93950"
}
],
"trust": 0.3
},
"cve": "CVE-2016-8344",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2016-8344",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-10607",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "cd260ec9-6ff7-40bb-ada7-11c2f4aab393",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.2,
"id": "CVE-2016-8344",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-8344",
"trust": 1.0,
"value": "LOW"
},
{
"author": "NVD",
"id": "CVE-2016-8344",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNVD",
"id": "CNVD-2016-10607",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201610-859",
"trust": 0.6,
"value": "LOW"
},
{
"author": "IVD",
"id": "cd260ec9-6ff7-40bb-ada7-11c2f4aab393",
"trust": 0.2,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "cd260ec9-6ff7-40bb-ada7-11c2f4aab393"
},
{
"db": "CNVD",
"id": "CNVD-2016-10607"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007989"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-859"
},
{
"db": "NVD",
"id": "CVE-2016-8344"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in Honeywell Experion Process Knowledge System (PKS) platform: Experion PKS, Release 3xx and prior, Experion PKS, Release 400, Experion PKS, Release 410, Experion PKS, Release 430, and Experion PKS, Release 431. Experion PKS does not properly validate input. By sending a specially crafted packet, an attacker could cause the process to terminate. A successful exploit would prevent firmware uploads to the Series-C devices. Honeywell EPKS is used in the automation and control of industrial and production processes and is a distributed control system solution, including a web-based SCADA system. Honeywell Experion PKS has a denial of service vulnerability. An attacker could exploit this vulnerability to trigger a denial of service attack",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8344"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007989"
},
{
"db": "CNVD",
"id": "CNVD-2016-10607"
},
{
"db": "BID",
"id": "93950"
},
{
"db": "IVD",
"id": "cd260ec9-6ff7-40bb-ada7-11c2f4aab393"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-8344",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-16-301-01",
"trust": 2.7
},
{
"db": "BID",
"id": "93950",
"trust": 2.5
},
{
"db": "CNVD",
"id": "CNVD-2016-10607",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201610-859",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007989",
"trust": 0.8
},
{
"db": "IVD",
"id": "CD260EC9-6FF7-40BB-ADA7-11C2F4AAB393",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "cd260ec9-6ff7-40bb-ada7-11c2f4aab393"
},
{
"db": "CNVD",
"id": "CNVD-2016-10607"
},
{
"db": "BID",
"id": "93950"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007989"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-859"
},
{
"db": "NVD",
"id": "CVE-2016-8344"
}
]
},
"id": "VAR-201702-0294",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "cd260ec9-6ff7-40bb-ada7-11c2f4aab393"
},
{
"db": "CNVD",
"id": "CNVD-2016-10607"
}
],
"trust": 1.3833333
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "cd260ec9-6ff7-40bb-ada7-11c2f4aab393"
},
{
"db": "CNVD",
"id": "CNVD-2016-10607"
}
]
},
"last_update_date": "2024-11-23T22:59:25.767000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Experion PKS",
"trust": 0.8,
"url": "https://www.honeywellprocess.com/en-US/explore/products/control-monitoring-and-safety-systems/integrated-control-and-safety-systems/experion-pks/pages/default.aspx"
},
{
"title": "Honeywell Experion PKS Denial of Service Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/83481"
},
{
"title": "Honeywell Experion PKS Remediation measures for denial of service vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65181"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10607"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007989"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-859"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007989"
},
{
"db": "NVD",
"id": "CVE-2016-8344"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-301-01"
},
{
"trust": 2.2,
"url": "http://www.securityfocus.com/bid/93950"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8344"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-8344"
},
{
"trust": 0.3,
"url": "http://www.security.honeywell.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10607"
},
{
"db": "BID",
"id": "93950"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007989"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-859"
},
{
"db": "NVD",
"id": "CVE-2016-8344"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "cd260ec9-6ff7-40bb-ada7-11c2f4aab393"
},
{
"db": "CNVD",
"id": "CNVD-2016-10607"
},
{
"db": "BID",
"id": "93950"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007989"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-859"
},
{
"db": "NVD",
"id": "CVE-2016-8344"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-11-04T00:00:00",
"db": "IVD",
"id": "cd260ec9-6ff7-40bb-ada7-11c2f4aab393"
},
{
"date": "2016-11-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-10607"
},
{
"date": "2016-10-27T00:00:00",
"db": "BID",
"id": "93950"
},
{
"date": "2017-04-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007989"
},
{
"date": "2016-10-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-859"
},
{
"date": "2017-02-13T21:59:00.610000",
"db": "NVD",
"id": "CVE-2016-8344"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-11-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-10607"
},
{
"date": "2016-11-24T07:04:00",
"db": "BID",
"id": "93950"
},
{
"date": "2017-04-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007989"
},
{
"date": "2019-04-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-859"
},
{
"date": "2024-11-21T02:59:11.613000",
"db": "NVD",
"id": "CVE-2016-8344"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201610-859"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Honeywell Experion PKS Denial of service vulnerability",
"sources": [
{
"db": "IVD",
"id": "cd260ec9-6ff7-40bb-ada7-11c2f4aab393"
},
{
"db": "CNVD",
"id": "CNVD-2016-10607"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-859"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input validation error",
"sources": [
{
"db": "IVD",
"id": "cd260ec9-6ff7-40bb-ada7-11c2f4aab393"
},
{
"db": "BID",
"id": "93950"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-859"
}
],
"trust": 1.1
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…