CVE-2022-30244
HIGHHoneywell Alerton Ascent Control Module (ACM) - Code Injection
Title source: llmDescription
Honeywell Alerton Ascent Control Module (ACM) through 2022-05-04 allows unauthenticated programming writes from remote users. This enables code to be store on the controller and then run without verification. A user with malicious intent can send a crafted packet to change and/or stop the program without the knowledge of other users, altering the controller's function. After the programming change, the program needs to be overwritten in order for the controller to restore its original operational function.
References (3)
Core 3
Core References
Not Applicable x_refsource_misc
https://blog.scadafence.com
Vendor Advisory x_refsource_misc
https://www.honeywell.com/us/en/product-security
Third Party Advisory x_refsource_misc
https://github.com/scadafence/Honeywell-Alerton-Vulnerabilities
Scores
CVSS v3
8.0
EPSS
0.0115
EPSS Percentile
62.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-829
Status
published
Products (1)
honeywell/alerton_ascent_control_module_firmware
< 2022-05-04
Published
Jul 15, 2022
Tracked Since
Feb 18, 2026