CVE-2022-30312

Severity Score

6.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The Trend Controls IC protocol through 2022-05-06 allows Cleartext Transmission of Sensitive Information. According to FSCT-2022-0050, there is a Trend Controls Inter-Controller (IC) protocol cleartext transmission of credentials issue. The affected components are characterized as: Inter-Controller (IC) protocol (57612/UDP). The potential impact is: Compromise of credentials. Several Trend Controls building automation controllers utilize the Inter-Controller (IC) protocol in for information exchange and automation purposes. This protocol offers authentication in the form of a 4-digit PIN in order to protect access to sensitive operations like strategy uploads and downloads as well as optional 0-30 character username and password protection for web page access protection. Both the PIN and usernames and passwords are transmitted in cleartext, allowing an attacker with passive interception capabilities to obtain these credentials. Credentials are transmitted in cleartext. An attacker who obtains Trend IC credentials can carry out sensitive engineering actions such as manipulating controller strategy or configuration settings. If the credentials in question are (re)used for other applications, their compromise could potentially facilitate lateral movement.

El protocolo IC de Trend Controls versiones hasta 06-05-2022, permite la transmisión en texto sin cifrar de información confidencial. De acuerdo con FSCT-2022-0050, se presenta un problema de transmisión de credenciales en texto sin cifrar del protocolo Inter-Controller (IC) de Trend Controls. Los componentes afectados se caracterizan como: Protocolo Inter-Controller (IC) (57612/UDP). El impacto potencial es: Compromiso de credenciales. Varios controladores de automatización de edificios de Trend Controls usan el protocolo Inter-Controller (IC) para el intercambio de información y la automatización. Este protocolo ofrece autenticación en forma de un PIN de 4 dígitos para proteger el acceso a operaciones confidenciales como las cargas y descargas de estrategias, así como una protección opcional de nombre de usuario y contraseña de 0 a 30 caracteres para la protección del acceso a la página web. Tanto el PIN como los nombres de usuario y las contraseñas se transmiten en texto sin cifrar, lo que permite a un atacante con capacidad de interceptación pasiva obtener estas credenciales. Las credenciales son transmitidas en texto sin cifrar. Un atacante que obtenga las credenciales de Trend IC puede llevar a cabo acciones de ingeniería confidenciales, como manipular la estrategia del controlador o los ajustes de configuración. Si las credenciales en cuestión son (re)usadas para otras aplicaciones, su compromiso podría facilitar potencialmente el movimiento lateral

*Credits: N/A

CVSS Scores

NISTv3.1 6.5

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-05-06 CVE Reserved
2022-09-07 CVE Published
2024-03-30 EPSS Updated
2024-08-03 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-319: Cleartext Transmission of Sensitive Information

CAPEC

References (2)

URL	Tag	Source
https://www.cisa.gov/uscert/ics/advisories/icsa-22-242-08	Third Party Advisory
https://www.forescout.com/blog	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Honeywell Search vendor "Honeywell"	Trend Iq412 Firmware Search vendor "Honeywell" for product "Trend Iq412 Firmware"	*	-	Affected	in	Honeywell Search vendor "Honeywell"	Trend Iq412 Search vendor "Honeywell" for product "Trend Iq412"	-	-	Safe
Honeywell Search vendor "Honeywell"	Trend Iq411 Firmware Search vendor "Honeywell" for product "Trend Iq411 Firmware"	*	-	Affected	in	Honeywell Search vendor "Honeywell"	Trend Iq411 Search vendor "Honeywell" for product "Trend Iq411"	-	-	Safe
Honeywell Search vendor "Honeywell"	Trend Iq422 Firmware Search vendor "Honeywell" for product "Trend Iq422 Firmware"	*	-	Affected	in	Honeywell Search vendor "Honeywell"	Trend Iq422 Search vendor "Honeywell" for product "Trend Iq422"	-	-	Safe
Honeywell Search vendor "Honeywell"	Trend Iq4nc Firmware Search vendor "Honeywell" for product "Trend Iq4nc Firmware"	*	-	Affected	in	Honeywell Search vendor "Honeywell"	Trend Iq4nc Search vendor "Honeywell" for product "Trend Iq4nc"	-	-	Safe
Honeywell Search vendor "Honeywell"	Trend Iq4e Firmware Search vendor "Honeywell" for product "Trend Iq4e Firmware"	*	-	Affected	in	Honeywell Search vendor "Honeywell"	Trend Iq4e Search vendor "Honeywell" for product "Trend Iq4e"	-	-	Safe