CVE-2022-30244

Name of the Vulnerable Software and Affected Versions Honeywell Alerton Ascent Control Module (ACM) through 2022-05-04

Description The issue allows unauthenticated programming writes from remote users, enabling code to be stored on the controller and run without verification. A malicious user can send a crafted packet to change or stop the program, altering the controller's function without other users' knowledge. The program needs to be overwritten to restore the controller's original operational function.

Recommendations For Honeywell Alerton Ascent Control Module (ACM) through 2022-05-04, consider overwriting the program to restore the controller's original operational function after any unauthorized programming changes. As a temporary workaround, restrict access to the controller to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.