CVE-2014-5436

HIGH

Honeywell Experion PKS R40x < R400.6, R41x < R410.6, R43x < R430.2 - Path Traversal in confd.exe

Title source: llm
STIX 2.1

Description

A directory traversal vulnerability exists in the confd.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, which could lead to possible information disclosure. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version.

References (1)

Core 1
Core References
Mitigation, Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-14-352-01

Scores

CVSS v3 7.5
EPSS 0.0312
EPSS Percentile 86.3%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-22
Status published
Products (1)
honeywell/experion_process_knowledge_system r400 - r400.6
Published Apr 08, 2019
Tracked Since Feb 18, 2026