CVE-2014-9189
published 2019-03-25


Priority: P261 | critical | 9.8 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 5.23% (91.5th percentile)
Multiple stack-based buffer overflow vulnerabilities were found in Honeywell Experion PKS all versions prior to R400.6, all versions prior to R410.6, and all versions prior to R430.2 modules that could lead to possible remote code execution, dynamic memory corruption, or denial of service. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version.

Affected

8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| honeywell | experion_pks | | |
| honeywell | experion_pks | | |
| honeywell | experion_pks | | |
| honeywell | experion_process_knowledge_system | >= r400 < r400.6 | r400.6 |
| honeywell | experion_process_knowledge_system | >= r410 < r410.6 | r410.6 |
| honeywell | experion_process_knowledge_system | >= r430 < r430.2 | r430.2 |
| python | pillow | >= 0 < 2.3.0-1ubuntu3.4 | 2.3.0-1ubuntu3.4 |
| python | pillow | >= 0 < 3.1.2-0ubuntu1.1 | 3.1.2-0ubuntu1.1 |

Detection & IOCs (extracted from sources)

  • process: confd.exe
  • process: hscodbcn.exe
  • process: pscdasrv.exe
  • Alert on unexpected crashes or restarts of confd.exe, hscodbcn.exe, or pscdasrv.exe on Honeywell Experion PKS systems, which may indicate stack-based buffer overflow exploitation attempts.
  • Detect Experion PKS systems exposed directly to the internet or business network; these should be isolated behind firewalls as exploitation is remotely possible with no authentication required.
  • No known public exploits specifically target these vulnerabilities at time of advisory publication, reducing immediate weaponized exploit risk.
  • CVE-2014-9189 affects only Experion PKS versions prior to R400.6, R410.6, and R430.2; patched versions are not vulnerable and should be confirmed before deploying detection rules.
  • Experion PKS R311.2 is also impacted but is end-of-life and unsupported; detection and patching guidance may differ for this legacy version.

CVSS provenance

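| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| osv | | 5.0 | MEDIUM | |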