CVE-2022-30312

{"id": "CVE-2022-30312", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2022-09-07T18:15:08.807", "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-242-08", "tags": ["Third Party Advisory", "US Government Resource"], "source": "cve@mitre.org"}, {"url": "https://www.forescout.com/blog/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-319"}]}], "descriptions": [{"lang": "en", "value": "The Trend Controls IC protocol through 2022-05-06 allows Cleartext Transmission of Sensitive Information. According to FSCT-2022-0050, there is a Trend Controls Inter-Controller (IC) protocol cleartext transmission of credentials issue. The affected components are characterized as: Inter-Controller (IC) protocol (57612/UDP). The potential impact is: Compromise of credentials. Several Trend Controls building automation controllers utilize the Inter-Controller (IC) protocol in for information exchange and automation purposes. This protocol offers authentication in the form of a 4-digit PIN in order to protect access to sensitive operations like strategy uploads and downloads as well as optional 0-30 character username and password protection for web page access protection. Both the PIN and usernames and passwords are transmitted in cleartext, allowing an attacker with passive interception capabilities to obtain these credentials. Credentials are transmitted in cleartext. An attacker who obtains Trend IC credentials can carry out sensitive engineering actions such as manipulating controller strategy or configuration settings. If the credentials in question are (re)used for other applications, their compromise could potentially facilitate lateral movement."}, {"lang": "es", "value": "El protocolo IC de Trend Controls versiones hasta 06-05-2022, permite la transmisi\u00f3n en texto sin cifrar de informaci\u00f3n confidencial. De acuerdo con FSCT-2022-0050, se presenta un problema de transmisi\u00f3n de credenciales en texto sin cifrar del protocolo Inter-Controller (IC) de Trend Controls. Los componentes afectados se caracterizan como: Protocolo Inter-Controller (IC) (57612/UDP). El impacto potencial es: Compromiso de credenciales. Varios controladores de automatizaci\u00f3n de edificios de Trend Controls usan el protocolo Inter-Controller (IC) para el intercambio de informaci\u00f3n y la automatizaci\u00f3n. Este protocolo ofrece autenticaci\u00f3n en forma de un PIN de 4 d\u00edgitos para proteger el acceso a operaciones confidenciales como las cargas y descargas de estrategias, as\u00ed como una protecci\u00f3n opcional de nombre de usuario y contrase\u00f1a de 0 a 30 caracteres para la protecci\u00f3n del acceso a la p\u00e1gina web. Tanto el PIN como los nombres de usuario y las contrase\u00f1as se transmiten en texto sin cifrar, lo que permite a un atacante con capacidad de interceptaci\u00f3n pasiva obtener estas credenciales. Las credenciales son transmitidas en texto sin cifrar. Un atacante que obtenga las credenciales de Trend IC puede llevar a cabo acciones de ingenier\u00eda confidenciales, como manipular la estrategia del controlador o los ajustes de configuraci\u00f3n. Si las credenciales en cuesti\u00f3n son (re)usadas para otras aplicaciones, su compromiso podr\u00eda facilitar potencialmente el movimiento lateral"}], "lastModified": "2022-09-16T18:01:49.337", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:honeywell:trend_iq412_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9B928A21-ED92-441B-B3B4-AD6CA3CAFCBC"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:honeywell:trend_iq412:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B4D948F6-5385-44D9-BE4C-A15E07045A13"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:honeywell:trend_iq411_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3E9EE40E-2344-4E4B-9D9B-A804282DCB5D"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:honeywell:trend_iq411:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D8F60BAE-5C8C-4D36-B84D-2141223D6643"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:honeywell:trend_iq422_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "40FB634B-ADDB-455B-8C0B-3B46FB17741F"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:honeywell:trend_iq422:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B5C8F8D3-2CCC-41B2-85DF-C95852BB989B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:honeywell:trend_iq4nc_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2ADDE583-ECE3-48B3-9C29-AE5329BE7D10"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:honeywell:trend_iq4nc:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "15FF7C06-33C8-4EE3-A7F1-FA060296BD77"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:honeywell:trend_iq4e_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "28F52579-5DE9-4915-9240-410C8AD24674"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:honeywell:trend_iq4e:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "88BE0C8B-BA3C-48C9-919E-0DDE99447649"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}