CVE-2014-9187
25.03.2019, 20:29
Multiple heap-based buffer overflow vulnerabilities exist in Honeywell Experion PKS all versions prior to R400.6, all versions prior to R410.6, and all versions prior to R430.2 modules, which could lead to possible remote code execution or denial of service. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version.Enginsight
| Vendor | Product | Version |
|---|---|---|
| honeywell | experion_process_knowledge_system | r400 ≤ 𝑥 < r400.6 |
| honeywell | experion_process_knowledge_system | r410 ≤ 𝑥 < r410.6 |
| honeywell | experion_process_knowledge_system | r430 ≤ 𝑥 < r430.2 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-122 - Heap-based Buffer OverflowA heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory BufferThe software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.