Honeywell Clears Improper Input Hole

Thursday, October 27, 2016 @ 07:10 PM gHale


Honeywell created patches to mitigate a denial-of-service condition caused by an improper input validation vulnerability in its Experion Process Knowledge System (PKS) platform, according to a report from ICS-CERT.

Successful exploitation of the vulnerability would prevent the Experion PKS client tools from uploading firmware to Series-C devices.

The following Experion PKS versions suffer from the remotely exploitable vulnerability:
• Experion PKS, Release 3xx and prior
• Experion PKS, Release 400
• Experion PKS, Release 410
• Experion PKS, Release 430
• Experion PKS, Release 431

Honeywell is a U.S.-based company that maintains offices worldwide.

The affected product, Experion PKS, is a client tool used to configure firmware in Series-C devices.

Experion PKS sees action across several sectors including commercial facilities, critical manufacturing, energy, and water and wastewater systems. Honeywell said this product sees use primarily in the United States and Europe with a small percentage in Asia.

Experion PKS does not properly validate input. By sending a specially crafted packet, an attacker could cause the process to terminate. A successful exploit would prevent firmware uploads to the Series-C devices.

CVE-2016-8344 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 3.7.

No known public exploits specifically target this vulnerability. However, an attacker with medium skill would be able to exploit this vulnerability.

Honeywell recommended Experion users download and apply the appropriate patch to protect themselves from this vulnerability.

Honeywell’s software downloads to resolve the vulnerability include the following:
• R400.8 HOTFIX1
• R410.8 HOTFIX6
• R430.5 HOTFIX1
• R431.2 HOTFIX2

In the event that a patch is not yet available for a current Experion release, Honeywell recommends users either isolate the network traffic when using the client tools (eNAP Server service) or turn the eNAP Server service off when not uploading new firmware until a patch is available.

Users can contact Honeywell technical support for registration and installation instructions for these patches.
