MEDIUM🇵🇱 Wersja polska

CVE-2022-30314

CVSS 4.6v3.1pub. 2022-07-28upd. 2024-11-21

Honeywell Experion PKS Safety Manager 5.02 uses Hard-coded Credentials. According to FSCT-2022-0052, there is a Honeywell Experion PKS Safety Manager hardcoded credentials issue. The affected components are characterized as: POLO bootloader. The potential impact is: Manipulate firmware. The Honeywell Experion PKS Safety Manager utilizes the DCOM-232/485 serial interface for firmware management purposes. When booting, the Safety Manager exposes the Enea POLO bootloader via this interface. Access to the boot configuration is controlled by means of credentials hardcoded in the Safety Manager firmware. The credentials for the bootloader are hardcoded in the firmware. An attacker with access to the serial interface (either through physical access, a compromised EWS or an exposed serial-to-ethernet gateway) can utilize these credentials to control the boot process and manipulate the unauthenticated firmware image (see FSCT-2022-0054).

CVSS Vector
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
  • Honeywell Safety Manager

    HW
    Honeywell
    wszystkie wersje
  • Honeywell Safety Manager Firmware

    OS
    Honeywell
    < r160.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2022-30315CRITICAL9.8ten sam produkt

Honeywell Experion PKS Safety Manager (SM and FSC) through 2022-05-06 has Insufficient Verification of Data Au...

CVE-2022-30313HIGH7.5ten sam produkt

Honeywell Experion PKS Safety Manager through 2022-05-06 has Missing Authentication for a Critical Function. A...

CVE-2022-30316MEDIUM6.8ten sam produkt

Honeywell Experion PKS Safety Manager 5.02 has Insufficient Verification of Data Authenticity. According to FS...

CVE-2026-3611CRITICAL10.0PL ✓ten sam vendor

Honeywell IQ4x — brak uwierzytelnienia w fabrycznym HMI (CWE-306)

CVE-2025-2605CRITICAL9.9PL ✓ten sam vendor

OS Command Injection w Honeywell MB-Secure i MB-Secure PRO (privilege abuse)