← Zuruck zu CVEs

CVE-2022-30245

MEDIUM

6.5

Beschreibung

Honeywell Alerton Compass Software 1.6.5 allows unauthenticated configuration changes from remote users. This enables configuration data to be stored on the controller and then implemented. A user with malicious intent can send a crafted packet to change the controller configuration without the knowledge of other users, altering the controller's function capabilities. The changed configuration is not updated in the User Interface, which creates an inconsistency between the configuration display and the actual configuration on the controller. After the configuration change, remediation requires reverting to the correct configuration, requiring either physical or remote access depending on the configuration that was altered.

CVE Details

CVSS v3.1 Bewertung6.5

SchweregradMEDIUM

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienNONE

BenutzerinteraktionREQUIRED

Veroffentlicht7/15/2022

Zuletzt geandert11/21/2024

Quellenvd

Honeypot-Sichtungen0

Betroffene Produkte

honeywell:alerton_compass

Schwachen (CWE)

CWE-610

Referenzen

https://blog.scadafence.com(cve@mitre.org)

https://github.com/scadafence/Honeywell-Alerton-Vulnerabilities(cve@mitre.org)

https://www.honeywell.com/us/en/product-security(cve@mitre.org)

https://blog.scadafence.com(af854a3a-2127-422b-91ae-364da2661108)

https://github.com/scadafence/Honeywell-Alerton-Vulnerabilities(af854a3a-2127-422b-91ae-364da2661108)

https://www.honeywell.com/us/en/product-security(af854a3a-2127-422b-91ae-364da2661108)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.