CVSS: 9.8EPSS: 1%CPEs: 3EXPL: 0CVE-2014-9186
https://notcve.org/view.php?id=CVE-2014-9186
08 Apr 2019 — A file inclusion vulnerability exists in the confd.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, which could lead to accepting an arbitrary file into the function, and potential information disclosure or remote code execution. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version. Se presenta una vulnerabilidad de inclusión de archivos en el módulo confd.exe en Hon... • https://ics-cert.us-cert.gov/advisories/ICSA-14-352-01 • CWE-20: Improper Input Validation CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 9.8EPSS: 3%CPEs: 3EXPL: 0CVE-2014-9187
https://notcve.org/view.php?id=CVE-2014-9187
25 Mar 2019 — Multiple heap-based buffer overflow vulnerabilities exist in Honeywell Experion PKS all versions prior to R400.6, all versions prior to R410.6, and all versions prior to R430.2 modules, which could lead to possible remote code execution or denial of service. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version. Existen múltiples vulnerabilidades de desbordamiento de búfer basado en memoria dinámica (heap) en Honeywell... • https://ics-cert.us-cert.gov/advisories/ICSA-14-352-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 10.0EPSS: 2%CPEs: 3EXPL: 0CVE-2014-9189
https://notcve.org/view.php?id=CVE-2014-9189
25 Mar 2019 — Multiple stack-based buffer overflow vulnerabilities were found in Honeywell Experion PKS all versions prior to R400.6, all versions prior to R410.6, and all versions prior to R430.2 modules that could lead to possible remote code execution, dynamic memory corruption, or denial of service. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version. Existen múltiples vulnerabilidades de desbordamiento de búfer basado en pila... • https://ics-cert.us-cert.gov/advisories/ICSA-14-352-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2016-8344
https://notcve.org/view.php?id=CVE-2016-8344
13 Feb 2017 — An issue was discovered in Honeywell Experion Process Knowledge System (PKS) platform: Experion PKS, Release 3xx and prior, Experion PKS, Release 400, Experion PKS, Release 410, Experion PKS, Release 430, and Experion PKS, Release 431. Experion PKS does not properly validate input. By sending a specially crafted packet, an attacker could cause the process to terminate. A successful exploit would prevent firmware uploads to the Series-C devices. Ha sido descubierto un problema en la plataforma Honeywell Expe... • http://www.securityfocus.com/bid/93950 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 2%CPEs: 7EXPL: 0CVE-2012-0254
https://notcve.org/view.php?id=CVE-2012-0254
08 Sep 2012 — Stack-based buffer overflow in the HMIWeb Browser HSCDSPRenderDLL ActiveX control in Honeywell Process Solutions (HPS) Experion R2xx, R30x, R31x, and R400.x; Honeywell Building Solutions (HBS) Enterprise Building Manager R400 and R410.1; and Honeywell Environmental Combustion and Controls (ECC) SymmetrE R410.1 allows remote attackers to execute arbitrary code via unspecified vectors. Desbordamiento de búfer en el control ActiveX HMIWeb Browser HSCDSPRenderDLL en Honeywell Process Solutions (HPS) Experion R2... • http://www.us-cert.gov/control_systems/pdf/ICSA-12-150-01.pdf • CWE-787: Out-of-bounds Write •