OTPulse

Honeywell Experion PKS Improper Input Validation Vulnerability

Low Risk (CVSS 3.7)
ICS-CERT ICSA-16-301-01
Jul 31, 2016
Attack Vector: Network
Auth Required: None
Complexity: High
User Interaction: None needed
Summary

Honeywell Experion PKS contains an improper input validation vulnerability that could allow an unauthenticated attacker with network access to cause a denial of service condition. Affected versions include all releases from 3xx through 431, with no vendor fix planned or currently available.

What this means
What could happen
An attacker with network access to the Experion PKS system could trigger a denial of service condition that temporarily disrupts the availability of the control system, affecting the ability to monitor and manage industrial processes.
Who's at risk
Water authorities and electric utilities running Honeywell Experion PKS distributed control systems (versions 3xx through 431) for process monitoring and supervisory control should be aware that all supported versions are affected and no vendor patch is available.
How it could be exploited
An attacker on the network sends malformed input to the Experion PKS that bypasses input validation checks. The unvalidated input triggers a fault in the control system logic, causing a temporary service disruption or process monitoring outage.
Prerequisites
  • Network access to Honeywell Experion PKS system
  • No authentication required
remotely exploitable · no authentication required · no patch available · affects control system availability
Exploitability
Low exploit probability (EPSS 0.9%)
Affected products (5)
5 pending
Product | Affected Versions | Fix Status
Experion PKS | ≤ 3xx | No fix yet
Experion PKS | 400 | No fix yet
Experion PKS | 410 | No fix yet
Experion PKS | 430 | No fix yet
Experion PKS | 431 | No fix yet
Remediation & Mitigation
Do now
WORKAROUND: Review and restrict network access to Experion PKS management interfaces; disable remote access if not operationally necessary
Long-term hardening
HARDENING: Segment Experion PKS systems on a separate, secured control network with firewall rules that restrict inbound access to only authorized engineering and monitoring workstations
HARDENING: Implement network-based monitoring to detect unusual traffic patterns or repeated connection attempts to the Experion PKS that could indicate exploitation activity
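
One way to check both hardening items against firewall or flow logs, as an added example that is not part of the advisory or any Honeywell tooling. The log format, addresses, window and threshold are all assumptions; the advisory names no port or protocol, so the check keys on source and destination addresses only.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Every value here is constructed (RFC 5737 documentation addresses).
PKS_SEGMENT = ip_network("192.0.2.0/28")   # assumed Experion PKS control network
AUTHORIZED = {ip_address("198.51.100.10"), ip_address("198.51.100.11")}  # assumed workstations
WINDOW = timedelta(seconds=60)             # assumed burst window
MAX_ATTEMPTS = 5                           # assumed attempts tolerated per window

# Constructed flow log: "timestamp source destination firewall-action"
SAMPLE_LOG = "\n".join(
    ["2016-01-01T08:00:01 198.51.100.10 192.0.2.5 ACCEPT",
     "2016-01-01T08:05:00 198.51.100.10 192.0.2.5 ACCEPT",
     "2016-01-01T08:06:00 198.51.100.10 192.0.2.200 ACCEPT",  # outside the segment
     "truncated record"]
    + [f"2016-01-01T08:10:{s:02d} 203.0.113.7 192.0.2.5 DROP" for s in range(7)]
    + ["2016-01-01T08:20:00 203.0.113.9 192.0.2.6 DROP"])

def analyze(log_text):
    """Return (unauthorized, bursts) as sets of (source, destination) strings.

    Assumes records arrive in time order, as a firewall or flow exporter writes them.
    """
    unauthorized, bursts = set(), set()
    recent = defaultdict(list)             # (src, dst) -> timestamps inside WINDOW
    for line in log_text.splitlines():
        try:
            ts_raw, src_raw, dst_raw, _action = line.split()
            ts = datetime.fromisoformat(ts_raw)
            src, dst = ip_address(src_raw), ip_address(dst_raw)
        except ValueError:
            continue                       # skip malformed records instead of aborting
        if dst not in PKS_SEGMENT:
            continue
        pair = (str(src), str(dst))
        if src not in AUTHORIZED:
            unauthorized.add(pair)         # traffic aimed at the segment from a non-allowlisted host
        times = recent[pair]
        times.append(ts)
        while ts - times[0] > WINDOW:      # drop attempts older than the window
            times.pop(0)
        if len(times) > MAX_ATTEMPTS:
            bursts.add(pair)               # repeated attempts, allowlisted or not
    return unauthorized, bursts

if __name__ == "__main__":
    bad_sources, repeated = analyze(SAMPLE_LOG)
    print("unauthorized:", sorted(bad_sources))
    print("repeated attempts:", sorted(repeated))
```

Any entry in the first set means the segmentation rules let traffic be aimed at the control network from outside the allowlist; entries in the second set are the repeated connection attempts the monitoring item asks for.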