Vulnerability Description
An arbitrary memory write vulnerability exists in the dual_onsrv.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, that could lead to possible remote code execution or denial of service. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Honeywell | Experion Process Knowledge System | >= r400, < r400.6 |
Related Weaknesses (CWE)
References
- https://ics-cert.us-cert.gov/advisories/ICSA-14-352-01MitigationThird Party AdvisoryUS Government Resource
- https://ics-cert.us-cert.gov/advisories/ICSA-14-352-01MitigationThird Party AdvisoryUS Government Resource
FAQ
What is CVE-2014-5435?
CVE-2014-5435 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An arbitrary memory write vulnerability exists in the dual_onsrv.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, that could lead to possible remote...
How severe is CVE-2014-5435?
CVE-2014-5435 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2014-5435?
Check the references section above for vendor advisories and patch information. Affected products include: Honeywell Experion Process Knowledge System.