Lucene search

[email protected]CVE-2022-30243

HistoryJul 15, 2022 - 12:15 p.m.

CVE-2022-30243

2022-07-1512:15:08

CWE-829

[email protected]

web.nvd.nist.gov

cve-2022-30243

honeywell alerton

visual logic

unauthenticated access

remote programming

malicious code

controller vulnerability

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.6%

JSON

Honeywell Alerton Visual Logic through 2022-05-04 allows unauthenticated programming writes from remote users. This enables code to be stored on the controller and then run without verification. A user with malicious intent can send a crafted packet to change and/or stop the program without the knowledge of other users, altering the controller’s function. After the programming change, the program needs to be overwritten in order for the controller to restore its original operational function.

Affected configurations

NVD

Node

honeywellalterton_visual_logic_firmwareRange≤2022-05-04

AND

honeywellalterton_visual_logicMatch-

CPENameOperatorVersion
honeywell:alterton_visual_logic_firmwarehoneywell alterton visual logic firmwarele2022-05-04

CPE	Name	Operator	Version
honeywell:alterton_visual_logic_firmware	honeywell alterton visual logic firmware	le	2022-05-04

References

blog.scadafence.com

github.com/scadafence/Honeywell-Alerton-Vulnerabilities

www.honeywell.com/us/en/product-security

Social References

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.6%

JSON

Related for CVE-2022-30243

prion1 nvd1 cvelist1