Vulnerability Description
Multiple heap-based buffer overflow vulnerabilities exist in Honeywell Experion PKS all versions prior to R400.6, all versions prior to R410.6, and all versions prior to R430.2 modules, which could lead to possible remote code execution or denial of service. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Honeywell | Experion Process Knowledge System | >= r400, < r400.6 |
Related Weaknesses (CWE)
References
- https://ics-cert.us-cert.gov/advisories/ICSA-14-352-01MitigationThird Party AdvisoryUS Government Resource
- https://ics-cert.us-cert.gov/advisories/ICSA-14-352-01MitigationThird Party AdvisoryUS Government Resource
FAQ
What is CVE-2014-9187?
CVE-2014-9187 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Multiple heap-based buffer overflow vulnerabilities exist in Honeywell Experion PKS all versions prior to R400.6, all versions prior to R410.6, and all versions prior to R430.2 modules, which could le...
How severe is CVE-2014-9187?
CVE-2014-9187 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2014-9187?
Check the references section above for vendor advisories and patch information. Affected products include: Honeywell Experion Process Knowledge System.