Lucene search

[email protected]CVE-2014-5435

HistoryApr 08, 2019 - 4:29 p.m.

CVE-2014-5435

2019-04-0816:29:00

CWE-787

CWE-123

[email protected]

web.nvd.nist.gov

cve-2014-5435

honeywell experion

pks

r40x

r41x

r43x

r400.6

r410.6

r430.2

remote code execution

denial of service

upgrade

unsupported version

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

77.2%

JSON

An arbitrary memory write vulnerability exists in the dual_onsrv.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, that could lead to possible remote code execution or denial of service. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version.

Affected configurations

NVD

Node

honeywellexperion_process_knowledge_systemRanger400–r400.6

honeywellexperion_process_knowledge_systemRanger410–r410.6

honeywellexperion_process_knowledge_systemRanger430–r430.2

CPENameOperatorVersion
honeywell:experion_process_knowledge_systemhoneywell experion process knowledge systemltr400.6
honeywell:experion_process_knowledge_systemhoneywell experion process knowledge systemltr410.6
honeywell:experion_process_knowledge_systemhoneywell experion process knowledge systemltr430.2

CPE	Name	Operator	Version
honeywell:experion_process_knowledge_system	honeywell experion process knowledge system	lt	r400.6
honeywell:experion_process_knowledge_system	honeywell experion process knowledge system	lt	r410.6
honeywell:experion_process_knowledge_system	honeywell experion process knowledge system	lt	r430.2

CNA Affected

[
  {
    "product": "Experion PKS",
    "vendor": "Honeywell",
    "versions": [
      {
        "status": "affected",
        "version": "R40x before R400.6"
      },
      {
        "status": "affected",
        "version": "R41x before R410.6"
      },
      {
        "status": "affected",
        "version": "R43x before R430.2"
      }
    ]
  }
]

References

ics-cert.us-cert.gov/advisories/ICSA-14-352-01

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

77.2%

JSON

Related for CVE-2014-5435

cvelist1 nvd1 prion1 ics1