CVE-2022-30245
Last modified
CVE-2022-30245 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. Honeywell Alerton Compass Software 1.6.5 allows unauthenticated configuration changes from remote users. This enables configuration data to be stored on the controller and then implemented. EPSS estimates a 1.03% chance of exploitation in the next 30 days.
Description
Honeywell Alerton Compass Software 1.6.5 allows unauthenticated configuration changes from remote users. This enables configuration data to be stored on the controller and then implemented. A user with malicious intent can send a crafted packet to change the controller configuration without the knowledge of other users, altering the controller's function capabilities. The changed configuration is not updated in the User Interface, which creates an inconsistency between the configuration display and the actual configuration on the controller. After the configuration change, remediation requires reverting to the correct configuration, requiring either physical or remote access depending on the configuration that was altered.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Honeywell | Alerton Compass | 1.6.5 |
References
- https://blog.scadafence.comThird Party Advisory
- https://github.com/scadafence/Honeywell-Alerton-VulnerabilitiesThird Party Advisory
- https://www.honeywell.com/us/en/product-securityVendor Advisory
- https://blog.scadafence.comThird Party Advisory
- https://github.com/scadafence/Honeywell-Alerton-VulnerabilitiesThird Party Advisory
- https://www.honeywell.com/us/en/product-securityVendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-30245?
How severe is CVE-2022-30245?
How do I fix CVE-2022-30245?
Are you affected by CVE-2022-30245?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST