PT-2022-3081 · Saia Burgess Controls · Pcd

Daniel Dos Santos +1 · Published 2022-06-22 · Updated 2024-02-14 · CVE-2022-30320

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Saia Burgess Controls (SBC) PCD through 2022-05-06

Description

The issue is related to the use of an insecure algorithm for hashing passwords in the S-Bus protocol implementation of the Saia Burgess Controls (SBC) PCD controllers. This allows an attacker to bypass authentication by intercepting hashed credentials and finding collisions, thus gaining access to sensitive engineering functionality such as uploading or downloading control logic and manipulating controller configuration. The affected component is the S-Bus (5050/UDP) authentication.

Recommendations

For Saia Burgess Controls (SBC) PCD through 2022-05-06, consider disabling the S-Bus protocol or restricting access to sensitive engineering functionality until a secure hashing algorithm is implemented. As a temporary workaround, avoid using the write byte message to supply hashed versions of passwords. Restrict access to the S-Bus authentication component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Use of a Broken Cryptographic Algorithm
Information Disclosure
Insufficiently Protected Credentials
Inadequate Encryption Strength

Related Identifiers

BDU:2022-03751
CVE-2022-30320

Affected Products

Pcd