Lucene search

[email protected]CVE-2014-9189

HistoryMar 25, 2019 - 8:29 p.m.

CVE-2014-9189

2019-03-2520:29:00

CWE-119

CWE-121

[email protected]

web.nvd.nist.gov

honeywell

experion pks

buffer overflow

vulnerability

cve-2014-9189

r400.6

r410.6

r430.2

remote code execution

memory corruption

denial of service

upgrade

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.9 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.1%

JSON

Multiple stack-based buffer overflow vulnerabilities were found in Honeywell Experion PKS all versions prior to R400.6, all versions prior to R410.6, and all versions prior to R430.2 modules that could lead to possible remote code execution, dynamic memory corruption, or denial of service. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version.

Affected configurations

NVD

Node

honeywellexperion_process_knowledge_systemRanger400–r400.6

honeywellexperion_process_knowledge_systemRanger410–r410.6

honeywellexperion_process_knowledge_systemRanger430–r430.2

CPENameOperatorVersion
honeywell:experion_process_knowledge_systemhoneywell experion process knowledge systemltr400.6
honeywell:experion_process_knowledge_systemhoneywell experion process knowledge systemltr410.6
honeywell:experion_process_knowledge_systemhoneywell experion process knowledge systemltr430.2

CPE	Name	Operator	Version
honeywell:experion_process_knowledge_system	honeywell experion process knowledge system	lt	r400.6
honeywell:experion_process_knowledge_system	honeywell experion process knowledge system	lt	r410.6
honeywell:experion_process_knowledge_system	honeywell experion process knowledge system	lt	r430.2

CNA Affected

[
  {
    "product": "Experion PKS",
    "vendor": "Honeywell",
    "versions": [
      {
        "status": "affected",
        "version": "R40x prior to R400.6"
      },
      {
        "status": "affected",
        "version": "R41x prior to R410.6"
      },
      {
        "status": "affected",
        "version": "R43x prior to R430.2"
      }
    ]
  }
]

References

ics-cert.us-cert.gov/advisories/ICSA-14-352-01

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.9 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.1%

JSON

Related for CVE-2014-9189

cvelist1 nvd1 prion1 ics1