CVSS: 9.8EPSS: 1%CPEs: 3EXPL: 0CVE-2014-5435
https://notcve.org/view.php?id=CVE-2014-5435
08 Apr 2019 — An arbitrary memory write vulnerability exists in the dual_onsrv.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, that could lead to possible remote code execution or denial of service. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version. Se presenta una vulnerabilidad de escritura de memoria arbitraria en el módulo dual_onsrv.exe en Honeywell Experion PKS R40x ante... • https://ics-cert.us-cert.gov/advisories/ICSA-14-352-01 • CWE-123: Write-what-where Condition CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2014-5436
https://notcve.org/view.php?id=CVE-2014-5436
08 Apr 2019 — A directory traversal vulnerability exists in the confd.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, which could lead to possible information disclosure. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version. Se presenta una vulnerabilidad de salto de directorio (directory traversal) en el módulo confd.exe en Honeywell Experion PKS R40x anterior a R400.6, R41x ant... • https://ics-cert.us-cert.gov/advisories/ICSA-14-352-01 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 1%CPEs: 3EXPL: 0CVE-2014-9186
https://notcve.org/view.php?id=CVE-2014-9186
08 Apr 2019 — A file inclusion vulnerability exists in the confd.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, which could lead to accepting an arbitrary file into the function, and potential information disclosure or remote code execution. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version. Se presenta una vulnerabilidad de inclusión de archivos en el módulo confd.exe en Hon... • https://ics-cert.us-cert.gov/advisories/ICSA-14-352-01 • CWE-20: Improper Input Validation CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 9.8EPSS: 3%CPEs: 3EXPL: 0CVE-2014-9187
https://notcve.org/view.php?id=CVE-2014-9187
25 Mar 2019 — Multiple heap-based buffer overflow vulnerabilities exist in Honeywell Experion PKS all versions prior to R400.6, all versions prior to R410.6, and all versions prior to R430.2 modules, which could lead to possible remote code execution or denial of service. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version. Existen múltiples vulnerabilidades de desbordamiento de búfer basado en memoria dinámica (heap) en Honeywell... • https://ics-cert.us-cert.gov/advisories/ICSA-14-352-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 10.0EPSS: 2%CPEs: 3EXPL: 0CVE-2014-9189
https://notcve.org/view.php?id=CVE-2014-9189
25 Mar 2019 — Multiple stack-based buffer overflow vulnerabilities were found in Honeywell Experion PKS all versions prior to R400.6, all versions prior to R410.6, and all versions prior to R430.2 modules that could lead to possible remote code execution, dynamic memory corruption, or denial of service. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version. Existen múltiples vulnerabilidades de desbordamiento de búfer basado en pila... • https://ics-cert.us-cert.gov/advisories/ICSA-14-352-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2016-8344
https://notcve.org/view.php?id=CVE-2016-8344
13 Feb 2017 — An issue was discovered in Honeywell Experion Process Knowledge System (PKS) platform: Experion PKS, Release 3xx and prior, Experion PKS, Release 400, Experion PKS, Release 410, Experion PKS, Release 430, and Experion PKS, Release 431. Experion PKS does not properly validate input. By sending a specially crafted packet, an attacker could cause the process to terminate. A successful exploit would prevent firmware uploads to the Series-C devices. Ha sido descubierto un problema en la plataforma Honeywell Expe... • http://www.securityfocus.com/bid/93950 • CWE-20: Improper Input Validation •