CVE-2022-30242

EPSS 0.11%
Published 15.07.2022 12:15:08
Last modified 21.11.2024 07:02:26
Source cve@mitre.org
Teams watchlist Login
Open Login

Honeywell Alerton Ascent Control Module (ACM) through 2022-05-04 allows unauthenticated configuration changes from remote users. This enables configuration data to be stored on the controller and then implemented. A user with malicious intent can send a crafted packet to change the controller configuration without the knowledge of other users, altering the controller's function capabilities. The changed configuration is not updated in the User Interface, which creates an inconsistency between the configuration display and the actual configuration on the controller. After the configuration change, remediation requires reverting to the correct configuration, requiring either physical or remote access depending on the configuration that was altered.

Affected products Warnungen 0 Metrics 2 CWE 0 References 6

Data is provided by the National Vulnerability Database (NVD)

Honeywell ≫ Alerton Ascent Control Module Firmware Version <= 2022-05-04

Honeywell ≫ Alerton Ascent Control Module Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.11%	0.302

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.8	2.3	4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N

https://www.honeywell.com/us/en/product-security

Vendor Advisory

https://blog.scadafence.com

Not Applicable

https://github.com/scadafence/Honeywell-Alerton-Vulnerabilities

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-30242

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-30242

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-30242

EUVD