PT-2022-3079 · Honeywell · Honeywell Experion Lx
Daniel Dos Santos +1 · Published 2022-06-22 · Updated 2024-02-13 · CVE-2022-30317
CVSS v3.1: 9.1 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Honeywell Experion LX through 2022-05-06
Description
The Honeywell Experion LX Control Data Access (CDA) EpicMo protocol (55565/TCP), which is used for device diagnostics and maintenance, has no authentication functionality. Any attacker able to communicate with the port can invoke whatever protocol functionality they want. The potential impact includes firmware manipulation and denial of service, because an attacker could issue firmware download commands or reboot devices.
Recommendations
For Honeywell Experion LX through 2022-05-06, consider disabling the EpicMo protocol (55565/TCP) until a patch or fix is available to mitigate the risk of firmware manipulation and denial of service. Restrict access to the Control Data Access (CDA) EpicMo protocol to minimize the risk of exploitation. Avoid using the protocol for device diagnostics and maintenance purposes until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
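Because the protocol itself cannot tell an authorized client from any other, the access restriction above is worth auditing from network telemetry. The following is an added example, not part of the original advisory or any Honeywell tooling: it scans flow records for TCP connections to 55565 from sources outside an allowlist. The flow-record format, the allowlisted subnet and all addresses are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

EPICMO_PORT = 55565  # CDA EpicMo TCP port named in the advisory

# Assumption: only this engineering subnet should ever reach EpicMo.
ALLOWED_SOURCES = [ipaddress.ip_network("10.20.30.0/28")]

# Constructed sample records: "timestamp proto src_ip src_port dst_ip dst_port"
SAMPLE_FLOWS = """\
2022-06-22T08:00:01Z tcp 10.20.30.5 49152 10.20.40.11 55565
2022-06-22T08:00:07Z tcp 10.20.50.77 50111 10.20.40.11 55565
2022-06-22T08:00:09Z udp 10.20.50.77 50112 10.20.40.11 55565
2022-06-22T08:01:30Z tcp 10.20.50.77 50113 10.20.40.12 55565
2022-06-22T08:01:31Z tcp 10.20.50.77 50114 10.20.40.11 55565
2022-06-22T08:02:00Z tcp 10.20.50.77 50115 10.20.40.11 443
malformed line
"""

def parse_flow(line):
    """Parse one flow record; return None for lines that do not fit the format."""
    parts = line.split()
    if len(parts) != 6:
        return None
    _ts, proto, src, _sport, dst, dport = parts
    try:
        return {"proto": proto.lower(), "src": ipaddress.ip_address(src),
                "dst": ipaddress.ip_address(dst), "dport": int(dport)}
    except ValueError:
        return None

def unexpected_epicmo_sources(log_text, allowed=ALLOWED_SOURCES, port=EPICMO_PORT):
    """Count TCP flows to the EpicMo port per (source, destination) pair
    where the source is outside every allowlisted network."""
    hits = Counter()
    for line in log_text.splitlines():
        flow = parse_flow(line)
        if flow is None or flow["proto"] != "tcp" or flow["dport"] != port:
            continue
        if any(flow["src"] in net for net in allowed):
            continue
        hits[(str(flow["src"]), str(flow["dst"]))] += 1
    return dict(hits)

if __name__ == "__main__":
    for (src, dst), n in sorted(unexpected_epicmo_sources(SAMPLE_FLOWS).items()):
        print(f"ALERT {src} -> {dst}:{EPICMO_PORT}/tcp ({n} connection(s))")
```

Any pair reported here means the restriction is not holding for that path, since every connection that reaches the port is accepted without authentication.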
Missing Authentication
Improper Authentication
Affected Products
Honeywell Experion Lx