Vulnerability Description
Honeywell Alerton Visual Logic through 2022-05-04 allows unauthenticated programming writes from remote users. This enables code to be stored on the controller and then run without verification. A user with malicious intent can send a crafted packet to change and/or stop the program without the knowledge of other users, altering the controller's function. After the programming change, the program needs to be overwritten in order for the controller to restore its original operational function.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Honeywell | Alterton Visual Logic Firmware | <= 2022-05-04 |
| Honeywell | Alterton Visual Logic | - |
Related Weaknesses (CWE)
References
- https://blog.scadafence.comNot Applicable
- https://github.com/scadafence/Honeywell-Alerton-VulnerabilitiesThird Party Advisory
- https://www.honeywell.com/us/en/product-securityVendor Advisory
- https://blog.scadafence.comNot Applicable
- https://github.com/scadafence/Honeywell-Alerton-VulnerabilitiesThird Party Advisory
- https://www.honeywell.com/us/en/product-securityVendor Advisory
FAQ
What is CVE-2022-30243?
CVE-2022-30243 is a vulnerability with a CVSS score of 8.8 (HIGH). Honeywell Alerton Visual Logic through 2022-05-04 allows unauthenticated programming writes from remote users. This enables code to be stored on the controller and then run without verification. A use...
How severe is CVE-2022-30243?
CVE-2022-30243 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-30243?
Check the references section above for vendor advisories and patch information. Affected products include: Honeywell Alterton Visual Logic Firmware, Honeywell Alterton Visual Logic.