Details of VAR-201904-0511

ID

VAR-201904-0511

CVE

CVE-2014-5435

TITLE

Honeywell Experion PKS 'dual_onsrv.exe' Module Remote Code Execution Vulnerability

Trust: 1.1

sources: IVD: dd07173e-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-09114 // BID: 71747

DESCRIPTION

An arbitrary memory write vulnerability exists in the dual_onsrv.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, that could lead to possible remote code execution or denial of service. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version. Honeywell Experion PKS Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Honeywell EPKS is used in the automation and control of industrial and production processes and is a distributed control system solution, including a web-based SCADA system. Or initiate a denial of service attack. Failed exploit attempts will result in a denial-of-service condition. The following versions are affected: Honeywell Experion R40x versions prior to Experion PKS R400.6 Honeywell Experion R41x versions prior to Experion PKS R410.6 Honeywell Experion R43x versions prior to Experion PKS R430.2

Trust: 2.7

sources: NVD: CVE-2014-5435 // JVNDB: JVNDB-2014-008660 // CNVD: CNVD-2014-09114 // BID: 71747 // IVD: dd07173e-2351-11e6-abef-000c29c66e3d // VULMON: CVE-2014-5435

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: dd07173e-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-09114

AFFECTED PRODUCTS

vendor:	honeywell	model:	experion process knowledge system	scope:	gte	version:	r410	Trust: 1.0
vendor:	honeywell	model:	experion process knowledge system	scope:	lt	version:	r430.2	Trust: 1.0
vendor:	honeywell	model:	experion process knowledge system	scope:	lt	version:	r400.6	Trust: 1.0
vendor:	honeywell	model:	experion process knowledge system	scope:	gte	version:	r400	Trust: 1.0
vendor:	honeywell	model:	experion process knowledge system	scope:	lt	version:	r410.6	Trust: 1.0
vendor:	honeywell	model:	experion process knowledge system	scope:	gte	version:	r430	Trust: 1.0
vendor:	honeywell	model:	experion process knowledge system	scope:	lt	version:	r43x	Trust: 0.8
vendor:	honeywell	model:	experion process knowledge system	scope:	lt	version:	r41x	Trust: 0.8
vendor:	honeywell	model:	experion process knowledge system	scope:	eq	version:	r430.2	Trust: 0.8
vendor:	honeywell	model:	experion process knowledge system	scope:	eq	version:	r410.6	Trust: 0.8
vendor:	honeywell	model:	experion process knowledge system	scope:	eq	version:	r400.6	Trust: 0.8
vendor:	honeywell	model:	experion process knowledge system	scope:	lt	version:	r40x	Trust: 0.8
vendor:	experion process knowledge system	model:	-	scope:	eq	version:	*	Trust: 0.6
vendor:	honeywell	model:	experion pks r40x	scope:	-	version:	-	Trust: 0.6
vendor:	honeywell	model:	experion pks r41x	scope:	-	version:	-	Trust: 0.6
vendor:	honeywell	model:	experion pks r43x	scope:	-	version:	-	Trust: 0.6
vendor:	honeywell	model:	experion pks r430.1	scope:	-	version:	-	Trust: 0.3
vendor:	honeywell	model:	experion pks r430	scope:	-	version:	-	Trust: 0.3
vendor:	honeywell	model:	experion pks r410.5	scope:	-	version:	-	Trust: 0.3
vendor:	honeywell	model:	experion pks r410	scope:	-	version:	-	Trust: 0.3
vendor:	honeywell	model:	experion pks r400.5	scope:	-	version:	-	Trust: 0.3
vendor:	honeywell	model:	experion pks r400	scope:	-	version:	-	Trust: 0.3
vendor:	honeywell	model:	experion pks r430.2	scope:	ne	version:	-	Trust: 0.3
vendor:	honeywell	model:	experion pks r410.6	scope:	ne	version:	-	Trust: 0.3
vendor:	honeywell	model:	experion pks r400.6	scope:	ne	version:	-	Trust: 0.3

sources: IVD: dd07173e-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-09114 // BID: 71747 // JVNDB: JVNDB-2014-008660 // NVD: CVE-2014-5435

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-5435
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2014-5435
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2014-09114
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201412-512
value:	CRITICAL
Trust: 0.6
IVD:	dd07173e-2351-11e6-abef-000c29c66e3d
value:	CRITICAL
Trust: 0.2
VULMON:	CVE-2014-5435
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-5435
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2014-09114
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	dd07173e-2351-11e6-abef-000c29c66e3d
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

nvd@nist.gov:	CVE-2014-5435
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: IVD: dd07173e-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-09114 // VULMON: CVE-2014-5435 // JVNDB: JVNDB-2014-008660 // CNNVD: CNNVD-201412-512 // NVD: CVE-2014-5435

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.8
problemtype:	CWE-123	Trust: 1.0

sources: JVNDB: JVNDB-2014-008660 // NVD: CVE-2014-5435

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201412-512

TYPE

Buffer error

Trust: 0.8

sources: IVD: dd07173e-2351-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201412-512

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-008660

PATCH

title:	Experion PKS	url:	https://www.honeywellprocess.com/en-US/explore/products/control-monitoring-and-safety-systems/integrated-control-and-safety-systems/experion-pks/Pages/default.aspx	Trust: 0.8
title:	Honeywell Experion PKS 'dual_onsrv.exe' patch for module remote code execution vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/53119	Trust: 0.6
title:	Honeywell International Experion PKS Fixes for code injection vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91624	Trust: 0.6

sources: CNVD: CNVD-2014-09114 // JVNDB: JVNDB-2014-008660 // CNNVD: CNNVD-201412-512

EXTERNAL IDS

db:	NVD	id:	CVE-2014-5435	Trust: 3.6
db:	ICS CERT	id:	ICSA-14-352-01	Trust: 2.8
db:	BID	id:	71747	Trust: 1.0
db:	CNVD	id:	CNVD-2014-09114	Trust: 0.8
db:	CNNVD	id:	CNNVD-201412-512	Trust: 0.8
db:	JVNDB	id:	JVNDB-2014-008660	Trust: 0.8
db:	IVD	id:	DD07173E-2351-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	VULMON	id:	CVE-2014-5435	Trust: 0.1

sources: IVD: dd07173e-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-09114 // VULMON: CVE-2014-5435 // BID: 71747 // JVNDB: JVNDB-2014-008660 // CNNVD: CNNVD-201412-512 // NVD: CVE-2014-5435

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-14-352-01	Trust: 2.9
url:	https://nvd.nist.gov/vuln/detail/cve-2014-5435	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5435	Trust: 0.8
url:	http://www.securityfocus.com/bid/71747	Trust: 0.7
url:	https://www.honeywellprocess.com/en-us/training/programs/control-monitoring-and-safety-systems/pages/experion-pks.aspx	Trust: 0.3
url:	http://s1018729.instanturl.net/wp-content/uploads/2013/01/overview_epdoc-xx81-en-410.pdf	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/787.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2014-09114 // VULMON: CVE-2014-5435 // BID: 71747 // JVNDB: JVNDB-2014-008660 // CNNVD: CNNVD-201412-512 // NVD: CVE-2014-5435

CREDITS

Kirill Nesterov,Alexander Tlyapov, Gleb Gritsai, Artem Chaykin and Ilya Karpov of the Positive Technologies Research Team and Security Lab

Trust: 0.6

sources: CNNVD: CNNVD-201412-512

SOURCES

db:	IVD	id:	dd07173e-2351-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2014-09114
db:	VULMON	id:	CVE-2014-5435
db:	BID	id:	71747
db:	JVNDB	id:	JVNDB-2014-008660
db:	CNNVD	id:	CNNVD-201412-512
db:	NVD	id:	CVE-2014-5435

LAST UPDATE DATE

2024-11-23T22:45:04.522000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-09114	date:	2014-12-25T00:00:00
db:	VULMON	id:	CVE-2014-5435	date:	2019-10-09T00:00:00
db:	BID	id:	71747	date:	2014-12-18T00:00:00
db:	JVNDB	id:	JVNDB-2014-008660	date:	2019-05-13T00:00:00
db:	CNNVD	id:	CNNVD-201412-512	date:	2019-04-19T00:00:00
db:	NVD	id:	CVE-2014-5435	date:	2024-11-21T02:12:02.660

SOURCES RELEASE DATE

db:	IVD	id:	dd07173e-2351-11e6-abef-000c29c66e3d	date:	2014-12-25T00:00:00
db:	CNVD	id:	CNVD-2014-09114	date:	2014-12-25T00:00:00
db:	VULMON	id:	CVE-2014-5435	date:	2019-04-08T00:00:00
db:	BID	id:	71747	date:	2014-12-18T00:00:00
db:	JVNDB	id:	JVNDB-2014-008660	date:	2019-05-13T00:00:00
db:	CNNVD	id:	CNNVD-201412-512	date:	2014-12-25T00:00:00
db:	NVD	id:	CVE-2014-5435	date:	2019-04-08T16:29:00.307