// For flags

CVE-2022-30244

 

Severity Score

8.0
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Honeywell Alerton Ascent Control Module (ACM) through 2022-05-04 allows unauthenticated programming writes from remote users. This enables code to be store on the controller and then run without verification. A user with malicious intent can send a crafted packet to change and/or stop the program without the knowledge of other users, altering the controller's function. After the programming change, the program needs to be overwritten in order for the controller to restore its original operational function.

El módulo de control Alerton Ascent (ACM) de Honeywell versiones hasta 04-05-2022, permite una escritura de programación no autenticada por parte de usuarios remotos. Esto permite que el código sea almacenado en el controlador y luego sea ejecutado sin verificación. Un usuario con intenciones maliciosas puede enviar un paquete diseñado para cambiar y/o detener el programa sin el conocimiento de otros usuarios, alterando la función del controlador. Tras el cambio de programación, es necesario sobrescribir el programa para que el controlador recupere su función operativa original

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2022-05-04 CVE Reserved
  • 2022-07-15 CVE Published
  • 2024-05-31 EPSS Updated
  • 2024-08-03 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-829: Inclusion of Functionality from Untrusted Control Sphere
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Honeywell
Search vendor "Honeywell"
Alerton Ascent Control Module Firmware
Search vendor "Honeywell" for product "Alerton Ascent Control Module Firmware"
<= 2022-05-04
Search vendor "Honeywell" for product "Alerton Ascent Control Module Firmware" and version " <= 2022-05-04"
-
Affected
in Honeywell
Search vendor "Honeywell"
Alerton Ascent Control Module
Search vendor "Honeywell" for product "Alerton Ascent Control Module"
--
Safe