CVE-2022-30242

Medium

Published: 15 July 2022

Modified: 21 November 2024
CVSS Score v3.1: 6.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N)
EPSS Score: 0.0011 (29.2th percentile)
Risk Priority: 14 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-30242 is a medium-severity vulnerability, with no specific weakness type assigned, in Honeywell Alerton Ascent Control Module firmware. Its CVSS base score is 6.8 (Medium).

Operationally, it ranks at the 29.2th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

Vulnerability details

Honeywell Alerton Ascent Control Module (ACM) through 2022-05-04 allows unauthenticated configuration changes from remote users. This enables configuration data to be stored on the controller and then implemented. A user with malicious intent can send a crafted packet to change the controller configuration without the knowledge of other users, altering the controller's function capabilities. The changed configuration is not updated in the User Interface, which creates an inconsistency between the configuration display and the actual configuration on the controller. After the configuration change, remediation requires reverting to the correct configuration, requiring either physical or remote access depending on the configuration that was altered.

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: honeywell
Product: alerton ascent control module firmware
Affected versions: ≤ 2022-05-04

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
