Honeywell Alerton Ascent Control Module (ACM) through 2022-05-04 allows unauthenticated configuration changes from remote users. This enables configuration data to be stored on the controller and then implemented. A user with malicious intent can send a crafted packet to change the controller configuration without the knowledge of other users, altering the controller's function capabilities. The changed configuration is not updated in the User Interface, which creates an inconsistency between the configuration display and the actual configuration on the controller. After the configuration change, remediation requires reverting to the correct configuration, requiring either physical or remote access depending on the configuration that was altered.
Published 2022-07-15 12:15:09
Updated 2022-07-22 17:11:10
Source MITRE
View at NVD,   CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2022-30242

0.09%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 36 %
Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2022-30242

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
6.8
MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N
2.3
4.0
NIST

References for CVE-2022-30242

Products affected by CVE-2022-30242

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!