Experion PKS

R43x before R430.2

OTHER 3 CVEs

R41x before R410.6

OTHER 3 CVEs

R41x prior to R410.6

OTHER 2 CVEs

ACE controllers

OTHER 3 CVEs

R40x before R400.6

OTHER 3 CVEs

R43x prior to R430.2

OTHER 2 CVEs

C200E

OTHER 3 CVEs

R40x prior to R400.6

OTHER 2 CVEs

C300

OTHER 3 CVEs

C200

OTHER 3 CVEs

CVE-2021-38397

Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to unrestricted file uploads, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition.

CRITICAL Oct 28, 2022

CVE-2021-38395

Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to improper neutralization of special elements in output, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition.

CRITICAL Oct 28, 2022

CVE-2021-38399

Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to relative path traversal, which may allow an attacker access to unauthorized files and directories.

HIGH Oct 28, 2022

CVE-2014-5436

A directory traversal vulnerability exists in the confd.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, which could lead to possible information disclosure. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version.

UNKNOWN Apr 08, 2019