CVE-2022-30243

Name of the Vulnerable Software and Affected Versions Honeywell Alerton Visual Logic through 2022-05-04

Description The issue allows unauthenticated programming writes from remote users, enabling code to be stored on the controller and run without verification. A malicious user can send a crafted packet to change or stop the program, altering the controller's function without other users' knowledge. The program needs to be overwritten to restore the controller's original operational function.

Recommendations For Honeywell Alerton Visual Logic through 2022-05-04, overwrite the program to restore the controller's original operational function after any unauthorized programming changes. As a temporary workaround, consider restricting access to the controller to prevent malicious users from sending crafted packets. At the moment, there is no information about a newer version that contains a fix for this vulnerability.