CVE-2022-2333

HIGH

Honeywell SoftMaster <4.51 - Code Injection

Title source: llm

Description

If an attacker manages to trick a valid user into loading a malicious DLL, the attacker may be able to achieve code execution in Honeywell SoftMaster version 4.51 application’s context and permissions.

Exploits (1)

nomisec WRITEUP 51 stars

by shirouQwQ · poc

https://github.com/shirouQwQ/CVE-2022-2333

View Code ZIP pw:eip

References (2)

[Third Party Advisory, US Government Resource] https://www.cisa.gov/uscert/ics/advisories/icsa-22-256-02

[Not Applicable] https://www.security.honeywell.com/-/media/Security/Resources/PDF/Product-Warranty/Security_Notification_SN_2019-09-13-02_V4-pdf.pdf

Scores

CVSS v3 8.8

EPSS 0.0022

EPSS Percentile 44.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-427

Status published

Affected Products (1)

honeywell/softmaster

Timeline

Published Sep 16, 2022

Tracked Since Feb 18, 2026