Authentication Bypass Vulnerability in Saia Burgess Controls PCD
CVE-2022-30319

8.1HIGH

Key Information:

Vendor

Honeywell

Status
Saia Pg5 Controls Suite
Vendor
CVE Published:
28 July 2022

What is CVE-2022-30319?

The Saia Burgess Controls (SBC) PCD allows for an authentication bypass via the S-Bus protocol (5050/UDP). This flaw stems from an inadequate MAC/IP whitelist mechanism combined with the stateless nature of UDP, enabling attackers to spoof traffic. If successfully exploited, this vulnerability grants unauthorized users access to critical engineering functions. Attackers can manipulate controller configurations, upload or download control logic, and execute actions that should be restricted to authenticated users. The incident highlights the need for robust access controls and security measures to protect sensitive engineering functionalities.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://www.forescout.com/blog/
x_refsource_MISC
https://www.cisa.gov/uscert/ics/advisories/icsa-22-207-03
x_refsource_MISC

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.