CVE-2022-30320
https://notcve.org/view.php?id=CVE-2022-30320
Saia Burgess Controls (SBC) PCD through 2022-05-06 uses a Broken or Risky Cryptographic Algorithm. According to FSCT-2022-0063, there is a Saia Burgess Controls (SBC) PCD S-Bus weak credential hashing scheme issue. The affected components are characterized as: S-Bus (5050/UDP) authentication. The potential impact is: Authentication bypass. The Saia Burgess Controls (SBC) PCD controllers utilize the S-Bus protocol (5050/UDP) for a variety of engineering purposes.
• https://www.cisa.gov/uscert/ics/advisories/icsa-22-207-03
• https://www.forescout.com/blog
• CWE-327: Use of a Broken or Risky Cryptographic Algorithm
CVE-2022-30313
https://notcve.org/view.php?id=CVE-2022-30313
Honeywell Experion PKS Safety Manager through 2022-05-06 has Missing Authentication for a Critical Function. According to FSCT-2022-0051, there is a Honeywell Experion PKS Safety Manager multiple proprietary protocols with unauthenticated functionality issue. The affected components are characterized as: Honeywell Experion TCP (51000/TCP), Safety Builder (51010/TCP). The potential impact is: Manipulate controller state, Manipulate controller configuration, Manipulate controller logic, Manipulate controller files, Manipulate IO. The Honeywell Experion PKS Distributed Control System (DCS) Safety Manager utilizes several proprietary protocols for a wide variety of functionality, including process data acquisition, controller steering and configuration management.
• https://www.cisa.gov/uscert/ics/advisories/icsa-22-207-02
• https://www.forescout.com/blog
• CWE-306: Missing Authentication for Critical Function
CVE-2022-30314
https://notcve.org/view.php?id=CVE-2022-30314
Honeywell Experion PKS Safety Manager 5.02 uses Hard-coded Credentials. According to FSCT-2022-0052, there is a Honeywell Experion PKS Safety Manager hardcoded credentials issue. The affected components are characterized as: POLO bootloader. The potential impact is: Manipulate firmware. The Honeywell Experion PKS Safety Manager utilizes the DCOM-232/485 serial interface for firmware management purposes.
• https://www.cisa.gov/uscert/ics/advisories/icsa-22-207-02
• https://www.forescout.com/blog
• CWE-798: Use of Hard-coded Credentials
CVE-2022-30315
https://notcve.org/view.php?id=CVE-2022-30315
Honeywell Experion PKS Safety Manager (SM and FSC) through 2022-05-06 has Insufficient Verification of Data Authenticity. According to FSCT-2022-0053, there is a Honeywell Experion PKS Safety Manager insufficient logic security controls issue. The affected components are characterized as: Honeywell FSC runtime (FSC-CPU, QPP), Honeywell Safety Builder. The potential impact is: Remote Code Execution, Denial of Service. The Honeywell Experion PKS Safety Manager family of safety controllers utilize the unauthenticated Safety Builder protocol (FSCT-2022-0051) for engineering purposes, including downloading projects and control logic to the controller.
• https://www.cisa.gov/uscert/ics/advisories/icsa-22-207-02
• https://www.forescout.com/blog
• CWE-345: Insufficient Verification of Data Authenticity
CVE-2022-30316
https://notcve.org/view.php?id=CVE-2022-30316
Honeywell Experion PKS Safety Manager 5.02 has Insufficient Verification of Data Authenticity. According to FSCT-2022-0054, there is a Honeywell Experion PKS Safety Manager unauthenticated firmware update issue. The affected components are characterized as: Firmware update functionality. The potential impact is: Firmware manipulation. The Honeywell Experion PKS Safety Manager utilizes the DCOM-232/485 communication FTA serial interface and Enea POLO bootloader for firmware management purposes.
• https://www.cisa.gov/uscert/ics/advisories/icsa-22-207-02
• https://www.forescout.com/blog
• CWE-354: Improper Validation of Integrity Check Value