CVE-2014-5435

CRITICAL

Honeywell Experion PKS R40x < R400.6, R41x < R410.6, R43x < R430.2 - Out-of-bounds Write in dual_onsrv.exe

Title source: llm
STIX 2.1

Description

An arbitrary memory write vulnerability exists in the dual_onsrv.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, that could lead to possible remote code execution or denial of service. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version.

References (1)

Core 1
Core References
Mitigation, Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-14-352-01

Scores

CVSS v3 9.8
EPSS 0.0347
EPSS Percentile 87.7%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-123 CWE-787
Status published
Products (1)
honeywell/experion_process_knowledge_system r400 - r400.6
Published Apr 08, 2019
Tracked Since Feb 18, 2026