No known public exploits specifically target this vulnerability. This vulnerability could be exploited remotely. A CVSS v3 base score of 3.7 has been assigned the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). A successful exploit would prevent firmware uploads to the Series-C devices. By sending a specially crafted packet, an attacker could cause the process to terminate. VULNERABILITY CHARACTERIZATION VULNERABILITY OVERVIEWĮxperion PKS does not properly validate input. Honeywell estimates that this product is used primarily in the United States and Europe with a small percentage in Asia. According to Honeywell, Experion PKS is deployed across several sectors including Commercial Facilities, Critical Manufacturing, Energy, Water and Wastewater Systems, and others. The affected product, Experion PKS, is a client tool used to configure firmware in Series-C devices.
Honeywell is a US-based company that maintains offices worldwide. NCCIC/ICS-CERT recommends that organizations evaluate the impact of this vulnerability based on their operational environment, architecture, and product implementation. Impact to individual organizations depends on many factors that are unique to each organization. Successful exploitation of the vulnerability would prevent the Experion PKS client tools from uploading firmware to Series-C devices. The following Experion PKS versions are affected: Honeywell has produced patches to mitigate this vulnerability. Honeywell reported a denial-of-service condition caused by an improper input validation vulnerability in Honeywell’s Experion Process Knowledge System (PKS) platform.
0 kommentar(er)
