CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

28 Jul 2022 — Honeywell Experion PKS Safety Manager through 2022-05-06 has Missing Authentication for a Critical Function. According to FSCT-2022-0051, there is a Honeywell Experion PKS Safety Manager multiple proprietary protocols with unauthenticated functionality issue. The affected components are characterized as: Honeywell Experion TCP (51000/TCP), Safety Builder (51010/TCP). The potential impact is: Manipulate controller state, Manipulate controller configuration, Manipulate controller logic, Manipulate controller ... • https://www.cisa.gov/uscert/ics/advisories/icsa-22-207-02 • CWE-306: Missing Authentication for Critical Function •

CVSS: 4.9 • EPSS: 0% • CPEs: 2 • EXPL: 0

28 Jul 2022 — Honeywell Experion PKS Safety Manager 5.02 uses Hard-coded Credentials. According to FSCT-2022-0052, there is a Honeywell Experion PKS Safety Manager hardcoded credentials issue. The affected components are characterized as: POLO bootloader. The potential impact is: Manipulate firmware. The Honeywell Experion PKS Safety Manager utilizes the DCOM-232/485 serial interface for firmware management purposes. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-207-02 • CWE-798: Use of Hard-coded Credentials •

CVSS: 10.0 • EPSS: 1% • CPEs: 2 • EXPL: 0

28 Jul 2022 — Honeywell Experion PKS Safety Manager (SM and FSC) through 2022-05-06 has Insufficient Verification of Data Authenticity. According to FSCT-2022-0053, there is a Honeywell Experion PKS Safety Manager insufficient logic security controls issue. The affected components are characterized as: Honeywell FSC runtime (FSC-CPU, QPP), Honeywell Safety Builder. The potential impact is: Remote Code Execution, Denial of Service. The Honeywell Experion PKS Safety Manager family of safety controllers utilize the unauthen... • https://www.cisa.gov/uscert/ics/advisories/icsa-22-207-02 • CWE-345: Insufficient Verification of Data Authenticity •

CVSS: 7.2 • EPSS: 0% • CPEs: 2 • EXPL: 0

28 Jul 2022 — Honeywell Experion PKS Safety Manager 5.02 has Insufficient Verification of Data Authenticity. According to FSCT-2022-0054, there is a Honeywell Experion PKS Safety Manager unauthenticated firmware update issue. The affected components are characterized as: Firmware update functionality. The potential impact is: Firmware manipulation. The Honeywell Experion PKS Safety Manager utilizes the DCOM-232/485 communication FTA serial interface and Enea POLO bootloader for firmware management purposes. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-207-02 • CWE-354: Improper Validation of Integrity Check Value •