CVE-2022-30317 CRITICAL

Published: 2022-08-31 | Last Modified: 2024-11-21 | Status: Modified

Description

Honeywell Experion LX through 2022-05-06 has Missing Authentication for a Critical Function. According to FSCT-2022-0055, there is a Honeywell Experion LX Control Data Access (CDA) EpicMo protocol with unauthenticated functionality issue. The affected components are characterized as: Honeywell Control Data Access (CDA) EpicMo (55565/TCP). The potential impact is: Firmware manipulation, Denial of service. The Honeywell Experion LX Distributed Control System (DCS) utilizes the Control Data Access (CDA) EpicMo protocol (55565/TCP) for device diagnostics and maintenance purposes. This protocol does not have any authentication features, allowing any attacker capable of communicating with the ports in question to invoke (a subset of) desired functionality. There is no authentication functionality on the protocol in question. An attacker capable of invoking the protocols' functionalities could issue firmware download commands potentially allowing for firmware manipulation and reboot devices causing denial of service.

Additional Descriptions (1)

Honeywell Experion LX versiones hasta 06-05-2022, presenta una autenticación faltante para una función crítica. Según FSCT-2022-0055, se presenta un problema de acceso a datos de control (CDA) del protocolo EpicMo de Honeywell Experion LX con funcionalidad no autenticada. Los componentes afectados se caracterizan como: Honeywell Control Data Access (CDA) EpicMo (55565/TCP). El impacto potencial es: Manipulación del firmware, Denegación de servicio. El Sistema de Control Distribuido (DCS) Experion LX de Honeywell usa el protocolo de Acceso a Datos de Control (CDA) EpicMo (55565/TCP) para fines de diagnóstico y mantenimiento del dispositivo. Este protocolo no presenta ninguna función de autenticación, lo que permite a cualquier atacante capaz de comunicarse con los puertos en cuestión invocar (un subconjunto de) la funcionalidad deseada. El protocolo en cuestión no presenta ninguna funcionalidad de autenticación. Un atacante capaz de invocar las funcionalidades de los protocolos podría emitir comandos de descarga de firmware permitiendo potencialmente la manipulación del firmware y el reinicio de los dispositivos causando una denegación de servicio

CVSS Metrics

Base Score: 9.1 (CRITICAL)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Attack Vector	NETWORK
Attack Complexity	LOW
Privileges Required	NONE
User Interaction	NONE
Scope	UNCHANGED
Confidentiality Impact	NONE
Integrity Impact	HIGH
Availability Impact	HIGH

Source: [email protected]

Type: Primary

Exploitability Score: 3.9

Impact Score: 5.2

Weaknesses

Source	Type	Description
[email protected]	Primary	en CWE-306

Affected Products

Vendor	Product	Version	Update	Type
honeywell	experion_lx_firmware	*	<built-in method update of dict object at 0x7c3bf3b69680>	Operating System

Affected Configurations

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:honeywell:experion_lx_firmware::::::::`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:honeywell:experion_lx:-:::::::*`

References

https://www.cisa.gov/uscert/ics/advisories/icsa-22-242-07
Source: [email protected]

Mitigation Third Party Advisory US Government Resource
https://www.forescout.com/blog/
Source: [email protected]

Not Applicable
https://www.cisa.gov/uscert/ics/advisories/icsa-22-242-07
Source: af854a3a-2127-422b-91ae-364da2661108

Mitigation Third Party Advisory US Government Resource
https://www.forescout.com/blog/
Source: af854a3a-2127-422b-91ae-364da2661108

Not Applicable