CVE-2022-4240 HIGH

Published: 2023-05-30 | Last Modified: 2024-11-21 | Status: Modified

Description

Missing Authentication for Critical Function vulnerability in Honeywell OneWireless allows Authentication Bypass. This issue affects OneWireless version 322.1

CVSS Metrics

Base Score: 7.5 (HIGH)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector	NETWORK
Attack Complexity	LOW
Privileges Required	NONE
User Interaction	NONE
Scope	UNCHANGED
Confidentiality Impact	HIGH
Integrity Impact	NONE
Availability Impact	NONE

Source: [email protected]

Type: Primary

Exploitability Score: 3.9

Impact Score: 3.6

Weaknesses

Source	Type	Description
[email protected]	Secondary	en CWE-306
[email protected]	Primary	en CWE-306

Affected Products

Vendor	Product	Version	Update	Type
honeywell	onewireless_network_wireless_device_manager_firmware	*	<built-in method update of dict object at 0x7c3c40dd4d00>	Operating System

Affected Configurations

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:honeywell:onewireless_network_wireless_device_manager_firmware::::::::`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:honeywell:onewireless_network_wireless_device_manager:-:::::::*`

References

https://process.honeywell.com/
Source: [email protected]

Product
https://process.honeywell.com/
Source: af854a3a-2127-422b-91ae-364da2661108

Product