CVE-2014-5435

CVE-2014-5435 involves an arbitrary memory write vulnerability in the Honeywell Experion PKS components, specifically the dual_onsrv.exe module, affecting the R40x line before R400.6, R41x before R410.6, and R43x before R430.2. The flaw could enable remote code execution or denial of service. The...

CVE-2014-5436

CVE-2014-5436 affects Honeywell Experion PKS by a directory traversal in the confd.exe module. The vulnerability spans Honeywell EKPS/Experion PKS releases: R40x before R400.6, R41x before R410.6, and R43x before R430.2, and could lead to information disclosure. Root cause is a directory traversa...

CVE-2014-9186

CVE-2014-9186 affects Honeywell Experion PKS confd.exe modules. The vulnerability is a file inclusion flaw in confd.exe (and related modules noted in the CVE family) that could allow an arbitrary file to be accepted into a function, with potential information disclosure or remote code execution. ...

Honeywell Experion PKS Security Vulnerabilities

Update – Unsupported versions of Honeywell distributed control system software are vulnerable to publicly available remote exploits. The Industrial Control System Cyber Emergency Response Team ICS-CERT published on Tuesday an advisory warning organizations to upgrade to supported versions of...