Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.8
CVSSv3

CVE-2022-30318

Published: 31/08/2022 Updated: 07/09/2022
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0
Subscribe to Honeywell

Vulnerability Summary

Honeywell ControlEdge through R151.1 uses Hard-coded Credentials. According to FSCT-2022-0056, there is a Honeywell ControlEdge hardcoded credentials issue. The affected components are characterized as: SSH. The potential impact is: Remote code execution, manipulate configuration, denial of service. The Honeywell ControlEdge PLC and RTU product line exposes an SSH service on port 22/TCP. Login as root to this service is permitted and credentials for the root user are hardcoded without automatically changing them upon first commissioning. The credentials for the SSH service are hardcoded in the firmware. The credentials grant an attacker access to a root shell on the PLC/RTU, allowing for remote code execution, configuration manipulation and denial of service.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

honeywell controledge_plc_firmware

honeywell controledge_rtu_firmware

ICS Advisories

Honeywell ControlEdge

References

CWE-798https://www.forescout.com/blog/https://www.cisa.gov/uscert/ics/advisories/icsa-22-242-06https://nvd.nist.govhttps://www.cisa.gov/uscert/ics/advisories/icsa-22-242-06
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversalCVE-2024-26978CVE-2024-26982wirelessCVE-2023-6949CVE-2024-26980CVE-2024-32766CVE-2024-26939cache poisoning
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook