PT-2019-7150 · Honeywell · Experion Pks

Published

2019-04-08

Updated

2019-10-09

CVE-2014-9186

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Honeywell Experion PKS versions prior to R400.6 Honeywell Experion PKS versions prior to R410.6 Honeywell Experion PKS versions prior to R430.2

Description A file inclusion issue exists in the confd.exe module, potentially allowing arbitrary file acceptance into the function. This could lead to information disclosure or remote code execution.

Recommendations For versions prior to R400.6, upgrade to version R400.6 or later. For versions prior to R410.6, upgrade to version R410.6 or later. For versions prior to R430.2, upgrade to version R430.2 or later.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20CWE-98

Related Identifiers

CVE-2014-9186

Affected Products

Experion Pks

PT-2019-7150 · Honeywell · Experion Pks

CVE-2014-9186

Weakness Enumeration

Related Identifiers

Affected Products

References · 2