CVE-2022-30244
Last modified
CVE-2022-30244 is a high-severity vulnerability rated 8/10 on the CVSS scale. Honeywell Alerton Ascent Control Module (ACM) through 2022-05-04 allows unauthenticated programming writes from remote users. This enables code to be store on the controller and then run without verification. EPSS estimates a 1.17% chance of exploitation in the next 30 days.
Description
Honeywell Alerton Ascent Control Module (ACM) through 2022-05-04 allows unauthenticated programming writes from remote users. This enables code to be store on the controller and then run without verification. A user with malicious intent can send a crafted packet to change and/or stop the program without the knowledge of other users, altering the controller's function. After the programming change, the program needs to be overwritten in order for the controller to restore its original operational function.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Honeywell | Alerton Ascent Control Module Firmware | <= 2022-05-04 |
References
- https://blog.scadafence.comNot Applicable
- https://github.com/scadafence/Honeywell-Alerton-VulnerabilitiesThird Party Advisory
- https://www.honeywell.com/us/en/product-securityVendor Advisory
- https://blog.scadafence.comNot Applicable
- https://github.com/scadafence/Honeywell-Alerton-VulnerabilitiesThird Party Advisory
- https://www.honeywell.com/us/en/product-securityVendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-30244?
How severe is CVE-2022-30244?
How do I fix CVE-2022-30244?
Are you affected by CVE-2022-30244?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST