Cleartext Transmission Vulnerability in Trend Controls Building Automation System
CVE-2022-30312

6.5MEDIUM

Key Information:

Vendor: Honeywell
Status: Trend Iq412 Firmware
Vendor: CVE Published:; 7 September 2022

What is CVE-2022-30312?

The Trend Controls Inter-Controller (IC) protocol allows for the cleartext transmission of sensitive credentials, posing significant security risks. This vulnerability enables an attacker with interception capabilities to access critical user information, including 4-digit PINs and usernames/passwords used for web access to the controls. Compromised credentials can lead to unauthorized manipulation of controller settings and configurations, potentially enabling broader access to connected systems. Organizations using Trend Controls building automation systems should take immediate action to secure their networks and implement measures to protect sensitive data.

References

https://www.forescout.com/blog/

x_refsource_MISC

https://www.cisa.gov/uscert/ics/advisories/icsa-22-242-08

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 7, 2022
Vulnerability Reserved
May 6, 2022

CVE-2022-30312 Data

JSON

Honeywell

What is CVE-2022-30312?

References

CVSS V3.1

Timeline