CVE-2014-5435

EPSS 1.44%
Veröffentlicht 08.04.2019 16:29:00
Zuletzt bearbeitet 21.11.2024 02:12:02
Quelle ics-cert@hq.dhs.gov
Teams Watchlist Login
Unerledigt Login

An arbitrary memory write vulnerability exists in the dual_onsrv.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, that could lead to possible remote code execution or denial of service. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Honeywell ≫ Experion Process Knowledge System Version >= r400 < r400.6

Honeywell ≫ Experion Process Knowledge System Version >= r410 < r410.6

Honeywell ≫ Experion Process Knowledge System Version >= r430 < r430.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.44%	0.799

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-123 Write-what-where Condition

Any condition where the attacker has the ability to write an arbitrary value to an arbitrary location, often as the result of a buffer overflow.

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://ics-cert.us-cert.gov/advisories/ICSA-14-352-01

Third Party Advisory

US Government Resource

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2014-5435

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-5435

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-5435

EUVD