Lucene search

[email protected]CVE-2014-9187

HistoryMar 25, 2019 - 8:29 p.m.

CVE-2014-9187

2019-03-2520:29:00

CWE-119

CWE-122

[email protected]

web.nvd.nist.gov

cve-2014-9187

honeywell

experion pks

buffer overflow

remote code execution

denial of service

security vulnerability

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.1%

JSON

Multiple heap-based buffer overflow vulnerabilities exist in Honeywell Experion PKS all versions prior to R400.6, all versions prior to R410.6, and all versions prior to R430.2 modules, which could lead to possible remote code execution or denial of service. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version.

Affected configurations

NVD

Node

honeywellexperion_process_knowledge_systemRanger400–r400.6

honeywellexperion_process_knowledge_systemRanger410–r410.6

honeywellexperion_process_knowledge_systemRanger430–r430.2

CPENameOperatorVersion
honeywell:experion_process_knowledge_systemhoneywell experion process knowledge systemltr400.6
honeywell:experion_process_knowledge_systemhoneywell experion process knowledge systemltr410.6
honeywell:experion_process_knowledge_systemhoneywell experion process knowledge systemltr430.2

CPE	Name	Operator	Version
honeywell:experion_process_knowledge_system	honeywell experion process knowledge system	lt	r400.6
honeywell:experion_process_knowledge_system	honeywell experion process knowledge system	lt	r410.6
honeywell:experion_process_knowledge_system	honeywell experion process knowledge system	lt	r430.2

CNA Affected

[
  {
    "product": "Experion PKS",
    "vendor": "Honeywell",
    "versions": [
      {
        "status": "affected",
        "version": "R40x prior to R400.6"
      },
      {
        "status": "affected",
        "version": "R41x prior to R410.6"
      },
      {
        "status": "affected",
        "version": "R43x prior to R430.2"
      }
    ]
  }
]

References

ics-cert.us-cert.gov/advisories/ICSA-14-352-01

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.1%

JSON

Related for CVE-2014-9187

cvelist1 nvd1 prion1 ics1