Cleartext Transmission Vulnerability in Trend Controls Building Automation System
CVE-2022-30312

6.5MEDIUM

Key Information:

Vendor: Honeywell
Status: Trend Iq412 Firmware
Vendor: CVE Published:; 7 September 2022

What is CVE-2022-30312?

The Trend Controls Inter-Controller (IC) protocol allows for the cleartext transmission of sensitive credentials, posing significant security risks. This vulnerability enables an attacker with interception capabilities to access critical user information, including 4-digit PINs and usernames/passwords used for web access to the controls. Compromised credentials can lead to unauthorized manipulation of controller settings and configurations, potentially enabling broader access to connected systems. Organizations using Trend Controls building automation systems should take immediate action to secure their networks and implement measures to protect sensitive data.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://www.forescout.com/blog/

x_refsource_MISC

https://www.cisa.gov/uscert/ics/advisories/icsa-22-242-08

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 7, 2022
Vulnerability Reserved
May 6, 2022

JSON

Honeywell

What is CVE-2022-30312?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.