← Volver a CVEs

CVE-2022-30242

MEDIUM

6.8

Descripcion

Honeywell Alerton Ascent Control Module (ACM) through 2022-05-04 allows unauthenticated configuration changes from remote users. This enables configuration data to be stored on the controller and then implemented. A user with malicious intent can send a crafted packet to change the controller configuration without the knowledge of other users, altering the controller's function capabilities. The changed configuration is not updated in the User Interface, which creates an inconsistency between the configuration display and the actual configuration on the controller. After the configuration change, remediation requires reverting to the correct configuration, requiring either physical or remote access depending on the configuration that was altered.

Detalles CVE

Puntuacion CVSS v3.16.8

SeveridadMEDIUM

Vector CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N

Vector de ataqueNETWORK

ComplejidadLOW

Privilegios requeridosLOW

Interaccion usuarioREQUIRED

Publicado7/15/2022

Ultima modificacion11/21/2024

Fuentenvd

Avistamientos honeypot0

Productos afectados

honeywell:alerton_ascent_control_modulehoneywell:alerton_ascent_control_module_firmware

Referencias

https://blog.scadafence.com(cve@mitre.org)

https://github.com/scadafence/Honeywell-Alerton-Vulnerabilities(cve@mitre.org)

https://www.honeywell.com/us/en/product-security(cve@mitre.org)

https://blog.scadafence.com(af854a3a-2127-422b-91ae-364da2661108)

https://github.com/scadafence/Honeywell-Alerton-Vulnerabilities(af854a3a-2127-422b-91ae-364da2661108)

https://www.honeywell.com/us/en/product-security(af854a3a-2127-422b-91ae-364da2661108)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.