Heap-Based Buffer Overflow in Honeywell Experion PKS Products
CVE-2014-9187

9.8 CRITICAL

Key Information:

Vendor: Honeywell

CVE Published: 25 March 2019

What is CVE-2014-9187?

Multiple heap-based buffer overflow vulnerabilities have been identified in Honeywell Experion PKS, affecting all versions prior to R400.6, R410.6, and R430.2. These vulnerabilities could allow an attacker to execute code remotely or cause a denial of service. Honeywell strongly advises users to upgrade to supported versions to mitigate these security risks. For more details, see the associated advisory.

Affected Version(s)

Experion PKS R40x prior to R400.6

Experion PKS R41x prior to R410.6

Experion PKS R43x prior to R430.2

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
