CVE-2022-30318

moderate-risk
Published 2022-08-31

Honeywell ControlEdge through R151.1 uses Hard-coded Credentials. According to FSCT-2022-0056, there is a Honeywell ControlEdge hardcoded credentials issue. The affected components are characterized as: SSH. The potential impact is: Remote code execution, manipulate configuration, denial of service. The Honeywell ControlEdge PLC and RTU product line exposes an SSH service on port 22/TCP. Login as root to this service is permitted and credentials for the root user are hardcoded without automatically changing them upon first commissioning. The credentials for the SSH service are hardcoded in the firmware. The credentials grant an attacker access to a root shell on the PLC/RTU, allowing for remote code execution, configuration manipulation and denial of service.

Do I need to act?

~
3.4% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (2)

Controledge Plc Firmware
Controledge Rtu Firmware

Affected Vendors

Honeywell

References (4)

Third Party Advisory https://www.cisa.gov/uscert/ics/advisories/icsa-22-242-06
Not Applicable https://www.forescout.com/blog/
Third Party Advisory https://www.cisa.gov/uscert/ics/advisories/icsa-22-242-06
Not Applicable https://www.forescout.com/blog/
46
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 7/34 · Low
Exposure 7/34 · Low