CVE-2022-30317

Severity Score

9.1

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Honeywell Experion LX through 2022-05-06 has Missing Authentication for a Critical Function. According to FSCT-2022-0055, there is a Honeywell Experion LX Control Data Access (CDA) EpicMo protocol with unauthenticated functionality issue. The affected components are characterized as: Honeywell Control Data Access (CDA) EpicMo (55565/TCP). The potential impact is: Firmware manipulation, Denial of service. The Honeywell Experion LX Distributed Control System (DCS) utilizes the Control Data Access (CDA) EpicMo protocol (55565/TCP) for device diagnostics and maintenance purposes. This protocol does not have any authentication features, allowing any attacker capable of communicating with the ports in question to invoke (a subset of) desired functionality. There is no authentication functionality on the protocol in question. An attacker capable of invoking the protocols' functionalities could issue firmware download commands potentially allowing for firmware manipulation and reboot devices causing denial of service.

Honeywell Experion LX versiones hasta 06-05-2022, presenta una autenticación faltante para una función crítica. Según FSCT-2022-0055, se presenta un problema de acceso a datos de control (CDA) del protocolo EpicMo de Honeywell Experion LX con funcionalidad no autenticada. Los componentes afectados se caracterizan como: Honeywell Control Data Access (CDA) EpicMo (55565/TCP). El impacto potencial es: Manipulación del firmware, Denegación de servicio. El Sistema de Control Distribuido (DCS) Experion LX de Honeywell usa el protocolo de Acceso a Datos de Control (CDA) EpicMo (55565/TCP) para fines de diagnóstico y mantenimiento del dispositivo. Este protocolo no presenta ninguna función de autenticación, lo que permite a cualquier atacante capaz de comunicarse con los puertos en cuestión invocar (un subconjunto de) la funcionalidad deseada. El protocolo en cuestión no presenta ninguna funcionalidad de autenticación. Un atacante capaz de invocar las funcionalidades de los protocolos podría emitir comandos de descarga de firmware permitiendo potencialmente la manipulación del firmware y el reinicio de los dispositivos causando una denegación de servicio

*Credits: N/A

CVSS Scores

NISTv3.1 9.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-05-06 CVE Reserved
2022-08-31 CVE Published
2024-03-23 EPSS Updated
2024-08-03 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-306: Missing Authentication for Critical Function

CAPEC

References (2)

URL	Tag	Source
https://www.cisa.gov/uscert/ics/advisories/icsa-22-242-07	Mitigation
https://www.forescout.com/blog	Not Applicable

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Honeywell Search vendor "Honeywell"	Experion Lx Firmware Search vendor "Honeywell" for product "Experion Lx Firmware"	< r520.1 Search vendor "Honeywell" for product "Experion Lx Firmware" and version " < r520.1"	-	Affected	in	Honeywell Search vendor "Honeywell"	Experion Lx Search vendor "Honeywell" for product "Experion Lx"	-	-	Safe