SB2022072707 - Multiple vulnerabilities in Honeywell Safety Manager

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2022072707

SB2022072707 - Multiple vulnerabilities in Honeywell Safety Manager

Published: July 27, 2022

Security Bulletin ID SB2022072707
Severity
High
Patch available
NO
Number of vulnerabilities 3
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

High 33% Low 67%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.


1) Insufficient verification of data authenticity (CVE-ID: CVE-2022-30315)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the Safety Builder protocol does not validate or authenticate the download logic. A remote attacker can execute arbitrary code on the CPU module.


2) Missing Authentication for Critical Function (CVE-ID: CVE-2022-30313)

The vulnerability allows a local attacker to bypass authentication process.

The vulnerability exists due to missing authentication for critical function in the Safety Builder protocol. A local attacker can cause configuration and system changes.


3) Insufficient verification of data authenticity (CVE-ID: CVE-2022-30316)

The vulnerability allows a local attacker to compromise the target system.

The vulnerability exists due to the affected product firmware images are not signed and only rely on insecure checksums for regular integrity checks. A local attacker can boot process or push malicious firmware.


Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References