CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2014-9186
https://notcve.org/view.php?id=CVE-2014-9186
A file inclusion vulnerability exists in the confd.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, which could lead to accepting an arbitrary file into the function, and potential information disclosure or remote code execution. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version. Se presenta una vulnerabilidad de inclusión de archivos en el módulo confd.exe en Honeywell Experion PKS R40x anterior a R400.6, R41x anterior a R410.6 y R43x anterior a R430.2, lo que podría conllevar a aceptar un archivo arbitrario en la función y la posible divulgación de información o ejecución de código remoto . Honeywell exhorta encarecidamente y recomienda a todos los clientes que ejecutan versiones no compatibles de EKPS anterior a R400 a actualizar a una versión compatible. • https://ics-cert.us-cert.gov/advisories/ICSA-14-352-01 • CWE-20: Improper Input Validation CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2014-9187
https://notcve.org/view.php?id=CVE-2014-9187
Multiple heap-based buffer overflow vulnerabilities exist in Honeywell Experion PKS all versions prior to R400.6, all versions prior to R410.6, and all versions prior to R430.2 modules, which could lead to possible remote code execution or denial of service. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version. Existen múltiples vulnerabilidades de desbordamiento de búfer basado en memoria dinámica (heap) en Honeywell Experion PKS, en todas la versiones anteriores a la R400.6, todas la versiones anteriores a la R410.6 y todas la versiones anteriores a la R430.2, lo cual podría llevar a una posible ejecución remota de código o denegación de servicio (DoS). Honeywell recomienda encarecidamente que todos los usuarios que ejecuten versiones sin soporte de EKPS anteriores a la R400 actualicen el producto a una versión soportada. • https://ics-cert.us-cert.gov/advisories/ICSA-14-352-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2014-9189
https://notcve.org/view.php?id=CVE-2014-9189
Multiple stack-based buffer overflow vulnerabilities were found in Honeywell Experion PKS all versions prior to R400.6, all versions prior to R410.6, and all versions prior to R430.2 modules that could lead to possible remote code execution, dynamic memory corruption, or denial of service. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version. Existen múltiples vulnerabilidades de desbordamiento de búfer basado en pila en Honeywell Experion PKS, en todas la versiones anteriores a la R400.6, todas la versiones anteriores a la R410.6 y todas la versiones anteriores a la R430.2, lo cual podría llevar a una posible ejecución remota de código, corrupción de memoria dinámica o denegación de servicio (DoS). Honeywell recomienda encarecidamente que todos los usuarios que ejecuten versiones sin soporte de EKPS anteriores a la R400 actualicen el producto a una versión soportada. • https://ics-cert.us-cert.gov/advisories/ICSA-14-352-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2016-8344
https://notcve.org/view.php?id=CVE-2016-8344
An issue was discovered in Honeywell Experion Process Knowledge System (PKS) platform: Experion PKS, Release 3xx and prior, Experion PKS, Release 400, Experion PKS, Release 410, Experion PKS, Release 430, and Experion PKS, Release 431. Experion PKS does not properly validate input. By sending a specially crafted packet, an attacker could cause the process to terminate. A successful exploit would prevent firmware uploads to the Series-C devices. Ha sido descubierto un problema en la plataforma Honeywell Experion Process Knowledge System (PKS): Experion PKS, Release 3xx y versiones anteriores, Experion PKS, Release 400, Experion PKS, Release 410, Experion PKS, Release 430 y Experion PKS, Release 431. • http://www.securityfocus.com/bid/93950 https://ics-cert.us-cert.gov/advisories/ICSA-16-301-01 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 6%CPEs: 7EXPL: 0CVE-2012-0254
https://notcve.org/view.php?id=CVE-2012-0254
Stack-based buffer overflow in the HMIWeb Browser HSCDSPRenderDLL ActiveX control in Honeywell Process Solutions (HPS) Experion R2xx, R30x, R31x, and R400.x; Honeywell Building Solutions (HBS) Enterprise Building Manager R400 and R410.1; and Honeywell Environmental Combustion and Controls (ECC) SymmetrE R410.1 allows remote attackers to execute arbitrary code via unspecified vectors. Desbordamiento de búfer en el control ActiveX HMIWeb Browser HSCDSPRenderDLL en Honeywell Process Solutions (HPS) Experion R2xx, R30x, R31x, y R400.x; Honeywell Building Solutions (HBS) Enterprise Building Manager R400 y R410.1; y Honeywell Environmental Combustion y Controls (ECC) SymmetrE R410.1 permite a atacantes remotos a ejecutar código a través de vectores no especificados. • http://www.us-cert.gov/control_systems/pdf/ICSA-12-150-01.pdf https://www.honeywellprocess.com/en-US/support/pages/all-notifications.aspx • CWE-787: Out-of-bounds Write •