PatchSiren

CVE-2016-8344 Honeywell CVE debrief

CVE-2016-8344 is an input validation weakness in Honeywell Experion Process Knowledge System (PKS). According to the CVE record, a specially crafted packet can cause the process to terminate, which can prevent firmware uploads to Series-C devices. The issue is reported across Experion PKS Release 3xx and prior, 400, 410, 430, and 431.

Vendor: Honeywell
Product: CVE-2016-8344
CVSS: LOW 3.7
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-13
Original CVE updated: 2026-05-13
Advisory published: 2017-02-13
Advisory updated: 2026-05-13

Who should care

Operators, integrators, and defenders responsible for Honeywell Experion PKS deployments, especially environments that rely on Series-C devices and firmware upload workflows. Industrial control system teams should also review any exposed paths that accept network packets into the affected process.

Technical summary

The NVD record classifies the weakness as CWE-20 (improper input validation) with CVSS v3.0 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L. The described impact is availability-focused: a crafted packet may terminate the process, which in turn can stop firmware uploads to Series-C devices. NVD lists affected Experion PKS versions as Release 3xx and prior, 400, 410, 430, and 431.

Defensive priority

Low. The scoring indicates limited impact and no confidentiality or integrity loss, but the availability effect may still matter in ICS environments where firmware uploads are operationally important.

Recommended defensive actions

  • Identify whether any Honeywell Experion PKS installations in scope match the affected release ranges listed by NVD.
  • Review vendor and ICS-CERT guidance for mitigation steps referenced in the advisory record (ICSA-16-301-01).
  • Restrict exposure of affected packet-processing paths to trusted network segments where possible.
  • Monitor for unexpected process termination or failed firmware upload activity on affected systems.
  • Validate that asset inventories and maintenance procedures account for Series-C device firmware update dependencies.

Evidence notes

Based on the supplied NVD record and referenced ICS-CERT advisory, the vulnerability is an improper input validation issue in Honeywell Experion PKS. The record states that a specially crafted packet can terminate the process and prevent firmware uploads to Series-C devices. NVD assigns CVSS v3.0 3.7 LOW with vector AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L and CWE-20. The CVE was published on 2017-02-13 and later modified on 2026-05-13 in the supplied timeline fields.

Official resources

Publicly disclosed in the CVE record on 2017-02-13; the supplied NVD record was last modified on 2026-05-13.