Remote Code Execution Flaw in Honeywell Alerton Control Module
CVE-2022-30244

8 HIGH

Key Information:

Vendor: Honeywell
CVE Published: 15 July 2022

What is CVE-2022-30244?

The Honeywell Alerton Ascent Control Module is susceptible to a vulnerability that permits unauthenticated users to perform programming writes remotely. This could lead to unauthorized code being stored and executed on the control module. Malicious actors can exploit this to alter the operational behavior of the controller by sending specially crafted packets, thereby stopping or changing the program without any user's consent or awareness. Restoring the original functionality of the controller requires overwriting the altered program, so the risk persists until that is done.

CVSS V3.1

Score: 8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
