cvelistv5 - cve-2014-9186

cve-2014-9186

Vulnerability from cvelistv5

Published

2019-04-08 15:09

Modified

2024-08-06 13:40

Severity ?

Summary

References

▼	URL	Tags
	ics-cert@hq.dhs.gov	https://ics-cert.us-cert.gov/advisories/ICSA-14-352-01	Third Party Advisory, US Government Resource
	af854a3a-2127-422b-91ae-364da2661108	https://ics-cert.us-cert.gov/advisories/ICSA-14-352-01	Third Party Advisory, US Government Resource

Impacted products

	Vendor	Product	Version
	Honeywell	Experion PKS	Version: R40x before R400.6 Version: R41x before R410.6 Version: R43x before R430.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:40:24.560Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-352-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Experion PKS",
          "vendor": "Honeywell",
          "versions": [
            {
              "status": "affected",
              "version": "R40x before R400.6"
            },
            {
              "status": "affected",
              "version": "R41x before R410.6"
            },
            {
              "status": "affected",
              "version": "R43x before R430.2"
            }
          ]
        }
      ],
      "datePublic": "2014-12-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A file inclusion vulnerability exists in the confd.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, which could lead to accepting an arbitrary file into the function, and potential information disclosure or remote code execution. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-98",
              "description": "File inclusion CWE-98",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-04-08T15:09:55",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-352-01"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2014-9186",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Experion PKS",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "R40x before R400.6"
                          },
                          {
                            "version_value": "R41x before R410.6"
                          },
                          {
                            "version_value": "R43x before R430.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Honeywell"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A file inclusion vulnerability exists in the confd.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, which could lead to accepting an arbitrary file into the function, and potential information disclosure or remote code execution. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "File inclusion CWE-98"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-352-01",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-352-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2014-9186",
    "datePublished": "2019-04-08T15:09:55",
    "dateReserved": "2014-12-02T00:00:00",
    "dateUpdated": "2024-08-06T13:40:24.560Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:honeywell:experion_process_knowledge_system:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"r400\", \"versionEndExcluding\": \"r400.6\", \"matchCriteriaId\": \"E83AB48A-F78A-4D8E-8833-DFD95946F16A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:honeywell:experion_process_knowledge_system:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"r410\", \"versionEndExcluding\": \"r410.6\", \"matchCriteriaId\": \"899CC094-462B-4862-97D6-DAF1BDD70B5C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:honeywell:experion_process_knowledge_system:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"r430\", \"versionEndExcluding\": \"r430.2\", \"matchCriteriaId\": \"19429BFB-4485-4F36-9DF9-3BD83DE3F1FD\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A file inclusion vulnerability exists in the confd.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, which could lead to accepting an arbitrary file into the function, and potential information disclosure or remote code execution. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version.\"}, {\"lang\": \"es\", \"value\": \"Se presenta una vulnerabilidad de inclusi\\u00f3n de archivos en el m\\u00f3dulo confd.exe en Honeywell Experion PKS R40x anterior a R400.6, R41x anterior a R410.6 y R43x anterior a R430.2, lo que podr\\u00eda conllevar a aceptar un archivo arbitrario en la funci\\u00f3n y la posible divulgaci\\u00f3n de informaci\\u00f3n o ejecuci\\u00f3n de c\\u00f3digo remoto . Honeywell exhorta encarecidamente y recomienda a todos los clientes que ejecutan versiones no compatibles de EKPS anterior a R400 a actualizar a una versi\\u00f3n compatible.\"}]",
      "id": "CVE-2014-9186",
      "lastModified": "2024-11-21T02:20:21.767",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2019-04-08T16:29:00.493",
      "references": "[{\"url\": \"https://ics-cert.us-cert.gov/advisories/ICSA-14-352-01\", \"source\": \"ics-cert@hq.dhs.gov\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"https://ics-cert.us-cert.gov/advisories/ICSA-14-352-01\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}]",
      "sourceIdentifier": "ics-cert@hq.dhs.gov",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"ics-cert@hq.dhs.gov\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-98\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2014-9186\",\"sourceIdentifier\":\"ics-cert@hq.dhs.gov\",\"published\":\"2019-04-08T16:29:00.493\",\"lastModified\":\"2024-11-21T02:20:21.767\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A file inclusion vulnerability exists in the confd.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, which could lead to accepting an arbitrary file into the function, and potential information disclosure or remote code execution. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version.\"},{\"lang\":\"es\",\"value\":\"Se presenta una vulnerabilidad de inclusi\u00f3n de archivos en el m\u00f3dulo confd.exe en Honeywell Experion PKS R40x anterior a R400.6, R41x anterior a R410.6 y R43x anterior a R430.2, lo que podr\u00eda conllevar a aceptar un archivo arbitrario en la funci\u00f3n y la posible divulgaci\u00f3n de informaci\u00f3n o ejecuci\u00f3n de c\u00f3digo remoto . Honeywell exhorta encarecidamente y recomienda a todos los clientes que ejecutan versiones no compatibles de EKPS anterior a R400 a actualizar a una versi\u00f3n compatible.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-98\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:honeywell:experion_process_knowledge_system:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"r400\",\"versionEndExcluding\":\"r400.6\",\"matchCriteriaId\":\"E83AB48A-F78A-4D8E-8833-DFD95946F16A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:honeywell:experion_process_knowledge_system:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"r410\",\"versionEndExcluding\":\"r410.6\",\"matchCriteriaId\":\"899CC094-462B-4862-97D6-DAF1BDD70B5C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:honeywell:experion_process_knowledge_system:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"r430\",\"versionEndExcluding\":\"r430.2\",\"matchCriteriaId\":\"19429BFB-4485-4F36-9DF9-3BD83DE3F1FD\"}]}]}],\"references\":[{\"url\":\"https://ics-cert.us-cert.gov/advisories/ICSA-14-352-01\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://ics-cert.us-cert.gov/advisories/ICSA-14-352-01\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]}]}}"
  }
}

gsd-2014-9186

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2014-9186

Aliases

CVE-2014-9186

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2014-9186",
    "description": "A file inclusion vulnerability exists in the confd.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, which could lead to accepting an arbitrary file into the function, and potential information disclosure or remote code execution. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version.",
    "id": "GSD-2014-9186"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2014-9186"
      ],
      "details": "A file inclusion vulnerability exists in the confd.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, which could lead to accepting an arbitrary file into the function, and potential information disclosure or remote code execution. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version.",
      "id": "GSD-2014-9186",
      "modified": "2023-12-13T01:22:48.383579Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "ics-cert@hq.dhs.gov",
        "ID": "CVE-2014-9186",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Experion PKS",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "R40x before R400.6"
                        },
                        {
                          "version_value": "R41x before R410.6"
                        },
                        {
                          "version_value": "R43x before R430.2"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Honeywell"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A file inclusion vulnerability exists in the confd.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, which could lead to accepting an arbitrary file into the function, and potential information disclosure or remote code execution. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "File inclusion CWE-98"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-352-01",
            "refsource": "MISC",
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-352-01"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:honeywell:experion_process_knowledge_system:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "r400.6",
                "versionStartIncluding": "r400",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:honeywell:experion_process_knowledge_system:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "r410.6",
                "versionStartIncluding": "r410",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:honeywell:experion_process_knowledge_system:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "r430.2",
                "versionStartIncluding": "r430",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2014-9186"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A file inclusion vulnerability exists in the confd.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, which could lead to accepting an arbitrary file into the function, and potential information disclosure or remote code execution. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-352-01",
              "refsource": "MISC",
              "tags": [
                "US Government Resource",
                "Third Party Advisory"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-352-01"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-10-09T23:12Z",
      "publishedDate": "2019-04-08T16:29Z"
    }
  }
}

ghsa-7q7j-2f25-p5hw

Vulnerability from github

Published

2022-05-13 01:38

Modified

2022-05-13 01:38

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2014-9186"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-04-08T16:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "A file inclusion vulnerability exists in the confd.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, which could lead to accepting an arbitrary file into the function, and potential information disclosure or remote code execution. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version.",
  "id": "GHSA-7q7j-2f25-p5hw",
  "modified": "2022-05-13T01:38:56Z",
  "published": "2022-05-13T01:38:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-9186"
    },
    {
      "type": "WEB",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-352-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

fkie_cve-2014-9186

Vulnerability from fkie_nvd

Published

2019-04-08 16:29

Modified

2024-11-21 02:20

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

▼	URL	Tags
	ics-cert@hq.dhs.gov	https://ics-cert.us-cert.gov/advisories/ICSA-14-352-01	Third Party Advisory, US Government Resource
	af854a3a-2127-422b-91ae-364da2661108	https://ics-cert.us-cert.gov/advisories/ICSA-14-352-01	Third Party Advisory, US Government Resource

Impacted products

Vendor	Product	Version
honeywell	experion_process_knowledge_system	*
honeywell	experion_process_knowledge_system	*
honeywell	experion_process_knowledge_system	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:honeywell:experion_process_knowledge_system:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E83AB48A-F78A-4D8E-8833-DFD95946F16A",
              "versionEndExcluding": "r400.6",
              "versionStartIncluding": "r400",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:honeywell:experion_process_knowledge_system:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "899CC094-462B-4862-97D6-DAF1BDD70B5C",
              "versionEndExcluding": "r410.6",
              "versionStartIncluding": "r410",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:honeywell:experion_process_knowledge_system:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "19429BFB-4485-4F36-9DF9-3BD83DE3F1FD",
              "versionEndExcluding": "r430.2",
              "versionStartIncluding": "r430",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A file inclusion vulnerability exists in the confd.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, which could lead to accepting an arbitrary file into the function, and potential information disclosure or remote code execution. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version."
    },
    {
      "lang": "es",
      "value": "Se presenta una vulnerabilidad de inclusi\u00f3n de archivos en el m\u00f3dulo confd.exe en Honeywell Experion PKS R40x anterior a R400.6, R41x anterior a R410.6 y R43x anterior a R430.2, lo que podr\u00eda conllevar a aceptar un archivo arbitrario en la funci\u00f3n y la posible divulgaci\u00f3n de informaci\u00f3n o ejecuci\u00f3n de c\u00f3digo remoto . Honeywell exhorta encarecidamente y recomienda a todos los clientes que ejecutan versiones no compatibles de EKPS anterior a R400 a actualizar a una versi\u00f3n compatible."
    }
  ],
  "id": "CVE-2014-9186",
  "lastModified": "2024-11-21T02:20:21.767",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-04-08T16:29:00.493",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-352-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-352-01"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-98"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

A file inclusion vulnerability exists in the confd.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, which could lead to accepting an arbitrary file into the function, and potential information disclosure or remote code execution. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version. Honeywell Experion PKS Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Honeywell EPKS is used in the automation and control of industrial and production processes and is a distributed control system solution, including a web-based SCADA system. The Honeywell Experion PKS presence file contains a vulnerability because it fails to adequately filter the input provided by the user. An attacker could exploit this vulnerability to obtain sensitive information or execute arbitrary script code in the context of a web server process. The following versions are affected: Honeywell Experion R40x versions prior to Experion PKS R400.6 Honeywell Experion R41x versions prior to Experion PKS R410.6 Honeywell Experion R43x versions prior to Experion PKS R430.2. An attacker could exploit the vulnerability via a file inclusion attack by submitting a crafted function to the affected software.

Honeywell has confirmed the vulnerability and released updated software

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201904-0506",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "experion process knowledge system",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "honeywell",
        "version": "r400"
      },
      {
        "model": "experion process knowledge system",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "honeywell",
        "version": "r430"
      },
      {
        "model": "experion process knowledge system",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "honeywell",
        "version": "r400.6"
      },
      {
        "model": "experion process knowledge system",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "honeywell",
        "version": "r410.6"
      },
      {
        "model": "experion process knowledge system",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "honeywell",
        "version": "r410"
      },
      {
        "model": "experion process knowledge system",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "honeywell",
        "version": "r430.2"
      },
      {
        "model": "experion process knowledge system",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "honeywell",
        "version": "r43x"
      },
      {
        "model": "experion process knowledge system",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "honeywell",
        "version": "r41x"
      },
      {
        "model": "experion process knowledge system",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "honeywell",
        "version": "r430.2"
      },
      {
        "model": "experion process knowledge system",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "honeywell",
        "version": "r410.6"
      },
      {
        "model": "experion process knowledge system",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "honeywell",
        "version": "r400.6"
      },
      {
        "model": "experion process knowledge system",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "honeywell",
        "version": "r40x"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.6,
        "vendor": "experion process knowledge system",
        "version": "*"
      },
      {
        "model": "experion pks r40x",
        "scope": null,
        "trust": 0.6,
        "vendor": "honeywell",
        "version": null
      },
      {
        "model": "experion pks r41x",
        "scope": null,
        "trust": 0.6,
        "vendor": "honeywell",
        "version": null
      },
      {
        "model": "experion pks r43x",
        "scope": null,
        "trust": 0.6,
        "vendor": "honeywell",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "b3aa354c-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-09111"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008658"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-9186"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:honeywell:experion_process_knowledge_system:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "r400.6",
                "versionStartIncluding": "r400",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:honeywell:experion_process_knowledge_system:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "r410.6",
                "versionStartIncluding": "r410",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:honeywell:experion_process_knowledge_system:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "r430.2",
                "versionStartIncluding": "r430",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-9186"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Kirill Nesterov,Alexander Tlyapov, Gleb Gritsai, Artem Chaykin and Ilya Karpov of the Positive Technologies Research Team and Security Lab",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-506"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2014-9186",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2014-9186",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2014-09111",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "b3aa354c-2351-11e6-abef-000c29c66e3d",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2014-9186",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2014-9186",
            "trust": 1.8,
            "value": "CRITICAL"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2014-09111",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201412-506",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "IVD",
            "id": "b3aa354c-2351-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "CRITICAL"
          },
          {
            "author": "VULMON",
            "id": "CVE-2014-9186",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "b3aa354c-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-09111"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-9186"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008658"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-9186"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-506"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A file inclusion vulnerability exists in the confd.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, which could lead to accepting an arbitrary file into the function, and potential information disclosure or remote code execution. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version. Honeywell Experion PKS Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Honeywell EPKS is used in the automation and control of industrial and production processes and is a distributed control system solution, including a web-based SCADA system. The Honeywell Experion PKS presence file contains a vulnerability because it fails to adequately filter the input provided by the user. An attacker could exploit this vulnerability to obtain sensitive information or execute arbitrary script code in the context of a web server process. \nThe following versions are affected:\nHoneywell Experion R40x versions prior to Experion PKS R400.6\nHoneywell Experion R41x versions prior to Experion PKS R410.6\nHoneywell Experion R43x versions prior to Experion PKS R430.2. An attacker could exploit the vulnerability via a file inclusion attack by submitting a crafted function to the affected software. \n\nHoneywell has confirmed the vulnerability and released updated software",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-9186"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008658"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-09111"
      },
      {
        "db": "BID",
        "id": "71753"
      },
      {
        "db": "IVD",
        "id": "b3aa354c-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-9186"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-9186",
        "trust": 3.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-14-352-01",
        "trust": 2.5
      },
      {
        "db": "BID",
        "id": "71753",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-09111",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-506",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008658",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "B3AA354C-2351-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-9186",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "b3aa354c-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-09111"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-9186"
      },
      {
        "db": "BID",
        "id": "71753"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008658"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-9186"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-506"
      }
    ]
  },
  "id": "VAR-201904-0506",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "b3aa354c-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-09111"
      }
    ],
    "trust": 1.8
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "b3aa354c-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-09111"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:43:36.628000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Experion PKS",
        "trust": 0.8,
        "url": "https://www.honeywellprocess.com/en-us/explore/products/control-monitoring-and-safety-systems/integrated-control-and-safety-systems/experion-pks/pages/default.aspx"
      },
      {
        "title": "Honeywell Experion PKS file contains patches for vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/53116"
      },
      {
        "title": "Honeywell International Experion PKS Enter the fix for the verification error vulnerability",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=91622"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-09111"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008658"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-506"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008658"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-9186"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-352-01"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9186"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9186"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/bid/71753"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/20.html"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=36833"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-09111"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-9186"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008658"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-9186"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-506"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "b3aa354c-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-09111"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-9186"
      },
      {
        "db": "BID",
        "id": "71753"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008658"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-9186"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-506"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-12-25T00:00:00",
        "db": "IVD",
        "id": "b3aa354c-2351-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2014-12-25T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2014-09111"
      },
      {
        "date": "2019-04-08T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-9186"
      },
      {
        "date": "2014-12-19T00:00:00",
        "db": "BID",
        "id": "71753"
      },
      {
        "date": "2019-05-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-008658"
      },
      {
        "date": "2019-04-08T16:29:00.493000",
        "db": "NVD",
        "id": "CVE-2014-9186"
      },
      {
        "date": "2014-12-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201412-506"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-12-26T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2014-09111"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-9186"
      },
      {
        "date": "2014-12-19T00:00:00",
        "db": "BID",
        "id": "71753"
      },
      {
        "date": "2019-05-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-008658"
      },
      {
        "date": "2019-10-09T23:12:24.250000",
        "db": "NVD",
        "id": "CVE-2014-9186"
      },
      {
        "date": "2019-04-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201412-506"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-506"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Honeywell Experion PKS File contains vulnerabilities",
    "sources": [
      {
        "db": "IVD",
        "id": "b3aa354c-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-09111"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Input validation error",
    "sources": [
      {
        "db": "IVD",
        "id": "b3aa354c-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "BID",
        "id": "71753"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201412-506"
      }
    ],
    "trust": 1.1
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2014-9186

Vulnerability from cvelistv5

gsd-2014-9186

Vulnerability from gsd

ghsa-7q7j-2f25-p5hw

Vulnerability from github

fkie_cve-2014-9186

Vulnerability from fkie_nvd

var-201904-0506

Vulnerability from variot

Tags

Sightings

Nomenclature