Vulnerability Description
Honeywell Alerton Ascent Control Module (ACM) through 2022-05-04 allows unauthenticated programming writes from remote users. This enables code to be store on the controller and then run without verification. A user with malicious intent can send a crafted packet to change and/or stop the program without the knowledge of other users, altering the controller's function. After the programming change, the program needs to be overwritten in order for the controller to restore its original operational function.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Honeywell | Alerton Ascent Control Module Firmware | <= 2022-05-04 |
| Honeywell | Alerton Ascent Control Module | - |
Related Weaknesses (CWE)
References
- https://blog.scadafence.comNot Applicable
- https://github.com/scadafence/Honeywell-Alerton-VulnerabilitiesThird Party Advisory
- https://www.honeywell.com/us/en/product-securityVendor Advisory
- https://blog.scadafence.comNot Applicable
- https://github.com/scadafence/Honeywell-Alerton-VulnerabilitiesThird Party Advisory
- https://www.honeywell.com/us/en/product-securityVendor Advisory
FAQ
What is CVE-2022-30244?
CVE-2022-30244 is a vulnerability with a CVSS score of 8.0 (HIGH). Honeywell Alerton Ascent Control Module (ACM) through 2022-05-04 allows unauthenticated programming writes from remote users. This enables code to be store on the controller and then run without verif...
How severe is CVE-2022-30244?
CVE-2022-30244 has been rated HIGH with a CVSS base score of 8.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-30244?
Check the references section above for vendor advisories and patch information. Affected products include: Honeywell Alerton Ascent Control Module Firmware, Honeywell Alerton Ascent Control Module.