CVE-2022-30314 MEDIUM

Published: 2022-07-28 | Last Modified: 2024-11-21 | Status: Modified

Description

Honeywell Experion PKS Safety Manager 5.02 uses Hard-coded Credentials. According to FSCT-2022-0052, there is a Honeywell Experion PKS Safety Manager hardcoded credentials issue. The affected components are characterized as: POLO bootloader. The potential impact is: Manipulate firmware. The Honeywell Experion PKS Safety Manager utilizes the DCOM-232/485 serial interface for firmware management purposes. When booting, the Safety Manager exposes the Enea POLO bootloader via this interface. Access to the boot configuration is controlled by means of credentials hardcoded in the Safety Manager firmware. The credentials for the bootloader are hardcoded in the firmware. An attacker with access to the serial interface (either through physical access, a compromised EWS or an exposed serial-to-ethernet gateway) can utilize these credentials to control the boot process and manipulate the unauthenticated firmware image (see FSCT-2022-0054).

Additional Descriptions (1)

Honeywell Experion PKS Safety Manager versión 5.02, usa credenciales embebidas. Según FSCT-2022-0052, se presenta un problema de credenciales embebidas de Honeywell Experion PKS Safety Manager. Los componentes afectados son caracterizados como: POLO bootloader. El impacto potencial es: Manipular el firmware. El Safety Manager de Honeywell Experion PKS usa la interfaz serie DCOM-232/485 para la administración del firmware. Cuando arranca, el Safety Manager expone el bootloader Enea POLO por medio de esta interfaz. El acceso a la configuración de arranque es controlada mediante credenciales embebidas en el firmware del Safety Manager. Las credenciales para el cargador de arranque están embebidas en el firmware. Un atacante con acceso a la interfaz serie (ya sea mediante un acceso físico, un EWS comprometido o una puerta de enlace serie-ethernet expuesta) puede usar estas credenciales para controlar el proceso de arranque y manipular la imagen de firmware no autenticada (ver FSCT-2022-0054)

CVSS Metrics

Base Score: 4.6 (MEDIUM)

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack Vector	PHYSICAL
Attack Complexity	LOW
Privileges Required	NONE
User Interaction	NONE
Scope	UNCHANGED
Confidentiality Impact	NONE
Integrity Impact	HIGH
Availability Impact	NONE

Source: [email protected]

Type: Primary

Exploitability Score: 0.9

Impact Score: 3.6

Weaknesses

Source	Type	Description
[email protected]	Primary	en CWE-798

Affected Products

Vendor	Product	Version	Update	Type
honeywell	safety_manager_firmware	*	<built-in method update of dict object at 0x7c3c2be84ac0>	Operating System

Affected Configurations

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:honeywell:safety_manager_firmware::::::::`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:honeywell:safety_manager:-:::::::*`

References

https://www.cisa.gov/uscert/ics/advisories/icsa-22-207-02
Source: [email protected]

Mitigation Third Party Advisory US Government Resource
https://www.forescout.com/blog/
Source: [email protected]

Third Party Advisory
https://www.cisa.gov/uscert/ics/advisories/icsa-22-207-02
Source: af854a3a-2127-422b-91ae-364da2661108

Mitigation Third Party Advisory US Government Resource
https://www.forescout.com/blog/
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory