History: Jul 15, 2022 - 12:15 p.m.

CVE-2022-30244

2022-07-15 12:15:08
CWE-829
web.nvd.nist.gov
cve-2022-30244
honeywell
alerton acm
unauthenticated write
remote code execution
unauthorized program alteration

CVSS3: 8 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

AI Score: 7.8 High (Confidence: High)

EPSS: 0.002 Low (Percentile: 55.4%)

Honeywell Alerton Ascent Control Module (ACM) through 2022-05-04 allows unauthenticated programming writes from remote users. This enables code to be stored on the controller and then run without verification. A user with malicious intent can send a crafted packet to change and/or stop the program without the knowledge of other users, altering the controller’s function. After the programming change, the program needs to be overwritten in order for the controller to restore its original operational function.

Affected configurations

NVD
Node
honeywell alerton_ascent_control_module_firmware Range ≤ 2022-05-04
AND
honeywell alerton_ascent_control_module Match -
