CVSS: 6.5 • EPSS: 0% • CPEs: 10 • EXPL: 0

07 Sep 2022 — The Trend Controls IC protocol through 2022-05-06 allows Cleartext Transmission of Sensitive Information. According to FSCT-2022-0050, there is a Trend Controls Inter-Controller (IC) protocol cleartext transmission of credentials issue. The affected components are characterized as: Inter-Controller (IC) protocol (57612/UDP). The potential impact is: Compromise of credentials. Several Trend Controls building automation controllers utilize the Inter-Controller (IC) protocol for information exchange and aut... • https://www.cisa.gov/uscert/ics/advisories/icsa-22-242-08 • CWE-319: Cleartext Transmission of Sensitive Information •

CVSS: 10.0 • EPSS: 2% • CPEs: 4 • EXPL: 0

31 Aug 2022 — Honeywell ControlEdge through R151.1 uses Hard-coded Credentials. According to FSCT-2022-0056, there is a Honeywell ControlEdge hardcoded credentials issue. The affected components are characterized as: SSH. The potential impact is: Remote code execution, manipulate configuration, denial of service. The Honeywell ControlEdge PLC and RTU product line exposes an SSH service on port 22/TCP. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-242-06 • CWE-798: Use of Hard-coded Credentials •

CVSS: 9.4 • EPSS: 0% • CPEs: 2 • EXPL: 0

31 Aug 2022 — Honeywell Experion LX through 2022-05-06 has Missing Authentication for a Critical Function. According to FSCT-2022-0055, there is a Honeywell Experion LX Control Data Access (CDA) EpicMo protocol with unauthenticated functionality issue. The affected components are characterized as: Honeywell Control Data Access (CDA) EpicMo (55565/TCP). The potential impact is: Firmware manipulation, Denial of service. The Honeywell Experion LX Distributed Control System (DCS) utilizes the Control Data Access (CDA) EpicMo... • https://www.cisa.gov/uscert/ics/advisories/icsa-22-242-07 • CWE-306: Missing Authentication for Critical Function •

CVSS: 8.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

28 Jul 2022 — Saia Burgess Controls (SBC) PCD through 2022-05-06 allows Authentication bypass. According to FSCT-2022-0062, there is a Saia Burgess Controls (SBC) PCD S-Bus authentication bypass issue. The affected components are characterized as: S-Bus (5050/UDP) authentication. The potential impact is: Authentication bypass. The Saia Burgess Controls (SBC) PCD controllers utilize the S-Bus protocol (5050/UDP) for a variety of engineering purposes. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-207-03 • CWE-290: Authentication Bypass by Spoofing •

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

28 Jul 2022 — Saia Burgess Controls (SBC) PCD through 2022-05-06 uses a Broken or Risky Cryptographic Algorithm. According to FSCT-2022-0063, there is a Saia Burgess Controls (SBC) PCD S-Bus weak credential hashing scheme issue. The affected components are characterized as: S-Bus (5050/UDP) authentication. The potential impact is: Authentication bypass. The Saia Burgess Controls (SBC) PCD controllers utilize the S-Bus protocol (5050/UDP) for a variety of engineering purposes. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-207-03 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

28 Jul 2022 — Honeywell Experion PKS Safety Manager through 2022-05-06 has Missing Authentication for a Critical Function. According to FSCT-2022-0051, there is a Honeywell Experion PKS Safety Manager multiple proprietary protocols with unauthenticated functionality issue. The affected components are characterized as: Honeywell Experion TCP (51000/TCP), Safety Builder (51010/TCP). The potential impact is: Manipulate controller state, Manipulate controller configuration, Manipulate controller logic, Manipulate controller ... • https://www.cisa.gov/uscert/ics/advisories/icsa-22-207-02 • CWE-306: Missing Authentication for Critical Function •

CVSS: 4.9 • EPSS: 0% • CPEs: 2 • EXPL: 0

28 Jul 2022 — Honeywell Experion PKS Safety Manager 5.02 uses Hard-coded Credentials. According to FSCT-2022-0052, there is a Honeywell Experion PKS Safety Manager hardcoded credentials issue. The affected components are characterized as: POLO bootloader. The potential impact is: Manipulate firmware. The Honeywell Experion PKS Safety Manager utilizes the DCOM-232/485 serial interface for firmware management purposes. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-207-02 • CWE-798: Use of Hard-coded Credentials •

CVSS: 10.0 • EPSS: 1% • CPEs: 2 • EXPL: 0

28 Jul 2022 — Honeywell Experion PKS Safety Manager (SM and FSC) through 2022-05-06 has Insufficient Verification of Data Authenticity. According to FSCT-2022-0053, there is a Honeywell Experion PKS Safety Manager insufficient logic security controls issue. The affected components are characterized as: Honeywell FSC runtime (FSC-CPU, QPP), Honeywell Safety Builder. The potential impact is: Remote Code Execution, Denial of Service. The Honeywell Experion PKS Safety Manager family of safety controllers utilize the unauthen... • https://www.cisa.gov/uscert/ics/advisories/icsa-22-207-02 • CWE-345: Insufficient Verification of Data Authenticity •

CVSS: 7.2 • EPSS: 0% • CPEs: 2 • EXPL: 0

28 Jul 2022 — Honeywell Experion PKS Safety Manager 5.02 has Insufficient Verification of Data Authenticity. According to FSCT-2022-0054, there is a Honeywell Experion PKS Safety Manager unauthenticated firmware update issue. The affected components are characterized as: Firmware update functionality. The potential impact is: Firmware manipulation. The Honeywell Experion PKS Safety Manager utilizes the DCOM-232/485 communication FTA serial interface and Enea POLO bootloader for firmware management purposes. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-207-02 • CWE-354: Improper Validation of Integrity Check Value •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

15 Jul 2022 — Honeywell Alerton Compass Software 1.6.5 allows unauthenticated configuration changes from remote users. This enables configuration data to be stored on the controller and then implemented. A user with malicious intent can send a crafted packet to change the controller configuration without the knowledge of other users, altering the controller's function capabilities. The changed configuration is not updated in the User Interface, which creates an inconsistency between the configuration display and the actu... • https://blog.scadafence.com • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •