CVE-2014-9186
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2014-9186
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
A file inclusion vulnerability exists in the confd.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, which could lead to accepting an arbitrary file into the function, and potential information disclosure or remote code execution. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
PHP程序中Include/Require语句包含文件控制不恰当(PHP远程文件包含)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Honeywell International Experion PKS 输入验证错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Honeywell International Experion PKS是美国霍尼韦尔国际(Honeywell International)公司的一套过程自动化控制系统。该系统提供过程控制、安全仪表系统、安防以及先进控制系统等。 Honeywell International Experion PKS 中存在输入验证错误漏洞。该漏洞源于网络系统或产品未对输入的数据进行正确的验证。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Honeywell | Experion PKS | R40x before R400.6 | - |
II. Public POCs for CVE-2014-9186
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2014-9186
请登录查看更多情报信息。
- https://ics-cert.us-cert.gov/advisories/ICSA-14-352-01x_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2014-9186
Same Patch Batch · Honeywell · 2019-04-08 · 3 CVEs total
| CVE-2014-5435 | Honeywell International Experion PKS 缓冲区错误漏洞 | |
| CVE-2014-5436 | Honeywell International Experion PKS 路径遍历漏洞 |
IV. Related Vulnerabilities
Same product: Experion PKS
- CVE-2021-38397
Honeywell Experion PKS and ACE Controllers Unrestricted Uplo - CVE-2021-38395
Honeywell Experion PKS and ACE Controllers Injection - CVE-2021-38399
Honeywell Experion PKS and ACE Controllers Relative Path Tra - CVE-2014-5435
Honeywell International Experion PKS 缓冲区错误漏洞 - CVE-2014-5436
Honeywell International Experion PKS 路径遍历漏洞
Same vendor: Honeywell
- CVE-2026-4272
CVE-2026-4272 - Bluetooth Remote Execution of System Command - CVE-2026-3611
Honeywell IQ4x BMS Controller Missing authentication for cri - CVE-2026-1670
Honeywell CCTV Products Missing Authentication for Critical - CVE-2021-47868
WIN-PACK PRO 4.8 - 'WPCommandFileService' Unquoted Service P - CVE-2021-47866
WIN-PACK PRO 4.8 - 'GuardTourService' Unquoted Service Path
Same weakness: CWE-98
- CVE-2022-50954
WordPress Plugin cab-fare-calculator 1.0.3 Local File Inclus - CVE-2026-8208
Gibbon<30.0.01本地文件包含致RCE - CVE-2026-41228
Froxlor has Local File Inclusion via path traversal in API ` - CVE-2026-1620
Livemesh Addons by Elementor <= 9.0 - Authenticated (Contrib - CVE-2026-39387
BoidCMS: Local File Inclusion (LFI) leads to Remote Code Exe
V. Comments for CVE-2014-9186
No comments yet