CVE-2022-30244

Published: Jul 15, 2022Modified: Nov 21, 2024

8.0

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.1 / Impact: 5.9

Source: NVD

Description

Honeywell Alerton Ascent Control Module (ACM) through 2022-05-04 allows unauthenticated programming writes from remote users. This enables code to be store on the controller and then run without verification. A user with malicious intent can send a crafted packet to change and/or stop the program without the knowledge of other users, altering the controller's function. After the programming change, the program needs to be overwritten in order for the controller to restore its original operational function.

Affected (1)

Products: Honeywell: Alerton Ascent Control Module Firmware

1 product

Alerton Ascent Control Module Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Honeywell Alerton Ascent Control Module Firmware	Up to 2022-05-04

Running on/with	Platform Versions
Honeywell Alerton Ascent Control Module	All versions

Related CWEs

Inclusion of Functionality from Untrusted Control Sphere

The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.

References (6)

https://blog.scadafence.com

Source: cve@mitre.org

Not Applicable

https://github.com/scadafence/Honeywell-Alerton-Vulnerabilities

Source: cve@mitre.org

Third Party Advisory

https://www.honeywell.com/us/en/product-security

Source: cve@mitre.org

Vendor Advisory

https://blog.scadafence.com

Source: af854a3a-2127-422b-91ae-364da2661108

Not Applicable

https://github.com/scadafence/Honeywell-Alerton-Vulnerabilities

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.honeywell.com/us/en/product-security

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.