Vulnerability Details : CVE-2014-9189
Multiple stack-based buffer overflow vulnerabilities were found in Honeywell Experion PKS all versions prior to R400.6, all versions prior to R410.6, and all versions prior to R430.2 modules that could lead to possible remote code execution, dynamic memory corruption, or denial of service. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version.
Vulnerability category: Overflow, Memory Corruption, Execute code, Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2014-9189
Probability of exploitation activity in the next 30 days: 0.58%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 75 %
CVSS scores for CVE-2014-9189
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST |
9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST |
CWE ids for CVE-2014-9189
- The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. Assigned by: nvd@nist.gov (Primary)
- A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). Assigned by: ics-cert@hq.dhs.gov (Secondary)
References for CVE-2014-9189
- https://ics-cert.us-cert.gov/advisories/ICSA-14-352-01
  Honeywell Experion PKS Vulnerabilities | CISA (Mitigation; US Government Resource; Third Party Advisory)
Products affected by CVE-2014-9189
- Honeywell » Experion Process Knowledge System. Versions from including (>=) r430 and before (<) r430.2. cpe:2.3:a:honeywell:experion_process_knowledge_system:*:*:*:*:*:*:*:*
- Honeywell » Experion Process Knowledge System. Versions from including (>=) r410 and before (<) r410.6. cpe:2.3:a:honeywell:experion_process_knowledge_system:*:*:*:*:*:*:*:*
- Honeywell » Experion Process Knowledge System. Versions from including (>=) r400 and before (<) r400.6. cpe:2.3:a:honeywell:experion_process_knowledge_system:*:*:*:*:*:*:*:*