Vulnerability Description
A file inclusion vulnerability exists in the confd.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, which could lead to accepting an arbitrary file into the function, and potential information disclosure or remote code execution. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Honeywell | Experion Process Knowledge System | >= r400, < r400.6 |
Related Weaknesses (CWE)
References
- https://ics-cert.us-cert.gov/advisories/ICSA-14-352-01Third Party AdvisoryUS Government Resource
- https://ics-cert.us-cert.gov/advisories/ICSA-14-352-01Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2014-9186?
CVE-2014-9186 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A file inclusion vulnerability exists in the confd.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, which could lead to accepting an arbitrary file ...
How severe is CVE-2014-9186?
CVE-2014-9186 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2014-9186?
Check the references section above for vendor advisories and patch information. Affected products include: Honeywell Experion Process Knowledge System.