CVE-2022-30313

Honeywell Experion PKS Safety Manager through 2022-05-06 has Missing Authentication for a Critical Function. According to FSCT-2022-0051, there is a Honeywell Experion PKS Safety Manager multiple proprietary protocols with unauthenticated functionality issue. The affected components are characterized as: Honeywell Experion TCP (51000/TCP), Safety Builder (51010/TCP). The potential impact is: Manipulate controller state, Manipulate controller configuration, Manipulate controller logic, Manipulate controller files, Manipulate IO. The Honeywell Experion PKS Distributed Control System (DCS) Safety Manager utilizes several proprietary protocols for a wide variety of functionality, including process data acquisition, controller steering and configuration management. These protocols include: Experion TCP (51000/TCP) and Safety Builder (51010/TCP). None of these protocols have any authentication features, allowing any attacker capable of communicating with the ports in question to invoke (a subset of) desired functionality. There is no authentication functionality on the protocols in question. An attacker capable of invoking the protocols' functionalities could achieve a wide range of adverse impacts, including (but not limited to), the following: for Experion TCP (51000/TCP): Issue IO manipulation commands, Issue file read/write commands; and for Safety Builder (51010/TCP): Issue controller start/stop commands, Issue logic download/upload commands, Issue file read commands, Issue system time change commands. A mitigating factor with regards to some, but not all, of the above functionality is that these require the Safety Manager physical keyswitch to be in the right position.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-207-02	Mitigation Third Party Advisory US Government Resource
https://www.forescout.com/blog/	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:honeywell:safety_manager_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:honeywell:safety_manager:-:*:*:*:*:*:*:*

History

05 Aug 2022, 22:28

Type	Values Removed	Values Added
First Time		Honeywell safety Manager Firmware Honeywell Honeywell safety Manager
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5
CPE		cpe:2.3:o:honeywell:safety_manager_firmware:-:::::::* cpe:2.3:h:honeywell:safety_manager:-:::::::*
References	~~(MISC) https://www.cisa.gov/uscert/ics/advisories/icsa-22-207-02 -~~	(MISC) https://www.cisa.gov/uscert/ics/advisories/icsa-22-207-02 - Mitigation, Third Party Advisory, US Government Resource
References	~~(MISC) https://www.forescout.com/blog/ -~~	(MISC) https://www.forescout.com/blog/ - Third Party Advisory
CWE		CWE-306

28 Jul 2022, 17:28

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-07-28 16:15

Updated : 2024-02-13 16:26

NVD link : CVE-2022-30313

Mitre link : CVE-2022-30313

CVE.ORG link : CVE-2022-30313

JSON object : View

Products Affected

honeywell

safety_manager_firmware
safety_manager

CWE

CWE-306

Missing Authentication for Critical Function

7.5 /10