Vulnerability Description
Honeywell Experion PKS Safety Manager 5.02 uses Hard-coded Credentials. According to FSCT-2022-0052, there is a Honeywell Experion PKS Safety Manager hardcoded credentials issue. The affected components are characterized as: POLO bootloader. The potential impact is: Manipulate firmware. The Honeywell Experion PKS Safety Manager utilizes the DCOM-232/485 serial interface for firmware management purposes. When booting, the Safety Manager exposes the Enea POLO bootloader via this interface. Access to the boot configuration is controlled by means of credentials hardcoded in the Safety Manager firmware. The credentials for the bootloader are hardcoded in the firmware. An attacker with access to the serial interface (either through physical access, a compromised EWS or an exposed serial-to-ethernet gateway) can utilize these credentials to control the boot process and manipulate the unauthenticated firmware image (see FSCT-2022-0054).
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Honeywell | Safety Manager Firmware | < r160.1 |
| Honeywell | Safety Manager | - |
Related Weaknesses (CWE)
References
- https://www.cisa.gov/uscert/ics/advisories/icsa-22-207-02MitigationThird Party AdvisoryUS Government Resource
- https://www.forescout.com/blog/Third Party Advisory
- https://www.cisa.gov/uscert/ics/advisories/icsa-22-207-02MitigationThird Party AdvisoryUS Government Resource
- https://www.forescout.com/blog/Third Party Advisory
FAQ
What is CVE-2022-30314?
CVE-2022-30314 is a vulnerability with a CVSS score of 4.6 (MEDIUM). Honeywell Experion PKS Safety Manager 5.02 uses Hard-coded Credentials. According to FSCT-2022-0052, there is a Honeywell Experion PKS Safety Manager hardcoded credentials issue. The affected componen...
How severe is CVE-2022-30314?
CVE-2022-30314 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-30314?
Check the references section above for vendor advisories and patch information. Affected products include: Honeywell Safety Manager Firmware, Honeywell Safety Manager.