Hard-coded Credential Vulnerability in Honeywell Experion PKS Safety Manager
CVE-2022-30314

4.6MEDIUM

Key Information:

Vendor: Honeywell
Status: Safety Manager Firmware
Vendor: CVE Published:; 28 July 2022

What is CVE-2022-30314?

The Honeywell Experion PKS Safety Manager 5.02 is susceptible to a vulnerability involving hard-coded credentials in its firmware. The issue affects the POLO bootloader, which is exposed through the DCOM-232/485 serial interface during the boot process. When accessed, these hard-coded credentials can potentially allow an attacker with physical or network access to manipulate the boot configuration and control the firmware image. This exploitation can lead to unauthorized firmware management, highlighting the importance of securing access interfaces in safety-critical environments.

References

https://www.forescout.com/blog/

x_refsource_MISC

https://www.cisa.gov/uscert/ics/advisories/icsa-22-207-02

x_refsource_MISC

CVSS V3.1

Score:

4.6

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 28, 2022
Vulnerability Reserved
May 6, 2022