high
7.1
CWE
319
Advisory Published
Updated

CVE-2022-30312

First published: Wed Sep 07 2022(Updated: )

The Trend Controls IC protocol through 2022-05-06 allows Cleartext Transmission of Sensitive Information. According to FSCT-2022-0050, there is a Trend Controls Inter-Controller (IC) protocol cleartext transmission of credentials issue. The affected components are characterized as: Inter-Controller (IC) protocol (57612/UDP). The potential impact is: Compromise of credentials. Several Trend Controls building automation controllers utilize the Inter-Controller (IC) protocol in for information exchange and automation purposes. This protocol offers authentication in the form of a 4-digit PIN in order to protect access to sensitive operations like strategy uploads and downloads as well as optional 0-30 character username and password protection for web page access protection. Both the PIN and usernames and passwords are transmitted in cleartext, allowing an attacker with passive interception capabilities to obtain these credentials. Credentials are transmitted in cleartext. An attacker who obtains Trend IC credentials can carry out sensitive engineering actions such as manipulating controller strategy or configuration settings. If the credentials in question are (re)used for other applications, their compromise could potentially facilitate lateral movement.

Credit: cve@mitre.org

Affected SoftwareAffected VersionHow to fix
Honeywell Trend Iq412 Firmware
Honeywell Trend Iq412
Honeywell Trend Iq411 Firmware
Honeywell Trend Iq411
Honeywell Trend Iq422 Firmware
Honeywell Trend Iq422
Honeywell Trend Iq4nc Firmware
Honeywell Trend Iq4nc
Honeywell Trend Iq4e Firmware
Honeywell Trend Iq4e
Honeywell IQ Series Controllers that utilize Inter-Controller (IC) protocol

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

  • What is the vulnerability ID for this issue?

    The vulnerability ID for this issue is CVE-2022-30312.

  • What is the severity level of CVE-2022-30312?

    The severity level of CVE-2022-30312 is medium with a severity score of 6.5.

  • Which software components are affected by CVE-2022-30312?

    The affected software components are Honeywell Trend IQ412 Firmware, Honeywell Trend IQ411 Firmware, Honeywell Trend IQ422 Firmware, Honeywell Trend IQ4NC Firmware, and Honeywell Trend IQ4E Firmware.

  • What is the vulnerability description for CVE-2022-30312?

    CVE-2022-30312 is a vulnerability in the Trend Controls IC protocol that allows cleartext transmission of sensitive information.

  • How can I fix CVE-2022-30312?

    There is currently no known fix or patch available for CVE-2022-30312. It is recommended to follow the mitigation steps provided by the vendor or security advisories.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203