CVE-2014-9189 : Multiple stack-based buffer overflow vulnerabilities were found in Honeywell Experion PKS all versions prior to R400.6,

Multiple stack-based buffer overflow vulnerabilities were found in Honeywell Experion PKS all versions prior to R400.6, all versions prior to R410.6, and all versions prior to R430.2 modules that could lead to possible remote code execution, dynamic memory corruption, or denial of service. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version.

Published 2019-03-25 20:29:00

Updated 2019-10-09 23:12:25

Source ICS-CERT

View at NVD, CVE.org

Vulnerability category: OverflowMemory CorruptionExecute codeDenial of service

Exploit prediction scoring system (EPSS) score for CVE-2014-9189

Probability of exploitation activity in the next 30 days: 0.58%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 75 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2014-9189

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
9.8	CRITICAL	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2014-9189

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Assigned by: nvd@nist.gov (Primary)
CWE-121 Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

Assigned by: ics-cert@hq.dhs.gov (Secondary)

References for CVE-2014-9189

https://ics-cert.us-cert.gov/advisories/ICSA-14-352-01

Honeywell Experion PKS Vulnerabilities | CISA
Mitigation;US Government Resource;Third Party Advisory

CVEs referencing this url

Products affected by CVE-2014-9189

Honeywell » Experion Process Knowledge System
Versions from including (>=) r430 and before (<) r430.2
cpe:2.3:a:honeywell:experion_process_knowledge_system:*:*:*:*:*:*:*:*
Matching versions
Honeywell » Experion Process Knowledge System
Versions from including (>=) r410 and before (<) r410.6
cpe:2.3:a:honeywell:experion_process_knowledge_system:*:*:*:*:*:*:*:*
Matching versions
Honeywell » Experion Process Knowledge System
Versions from including (>=) r400 and before (<) r400.6
cpe:2.3:a:honeywell:experion_process_knowledge_system:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2014-9189

Exploit prediction scoring system (EPSS) score for CVE-2014-9189

CVSS scores for CVE-2014-9189

CWE ids for CVE-2014-9189

References for CVE-2014-9189

Products affected by CVE-2014-9189