CVE-2014-5435
CRITICALHoneywell Experion PKS R40x < R400.6, R41x < R410.6, R43x < R430.2 - Out-of-bounds Write in dual_onsrv.exe
Title source: llmDescription
An arbitrary memory write vulnerability exists in the dual_onsrv.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, that could lead to possible remote code execution or denial of service. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version.
References (1)
Core 1
Core References
Mitigation, Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-14-352-01
Scores
CVSS v3
9.8
EPSS
0.0347
EPSS Percentile
87.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-123
CWE-787
Status
published
Products (1)
honeywell/experion_process_knowledge_system
r400 - r400.6
Published
Apr 08, 2019
Tracked Since
Feb 18, 2026