PT-2022-3179 · Honeywell+1 · Honeywell Programmable Logic Controllers+1

Daniel Dos Santos +1 · Published 2022-06-22 · Updated 2022-09-16 · CVE-2022-30312

CVSS v2.0: 7.8 High

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Honeywell programmable logic controllers versions prior to the fixed version
Trend Controls IC protocol versions prior to 2022-05-06

Description

The issue is related to the transmission of sensitive information, including PIN codes, usernames, and passwords, in cleartext. This allows an attacker with passive interception capabilities to obtain these credentials. The affected protocol is used for information exchange and automation purposes in building automation controllers. An attacker who obtains the credentials can carry out sensitive engineering actions, such as manipulating controller strategy or configuration settings. If the compromised credentials are reused for other applications, it could facilitate lateral movement.

Recommendations

For Honeywell programmable logic controllers, update to a version that fixes the cleartext transmission issue. For Trend Controls IC protocol, update to a version released after 2022-05-06 to address the cleartext transmission of credentials. As a temporary workaround, consider restricting access to the Inter-Controller (IC) protocol to minimize the risk of exploitation. Avoid using the username and password parameters in the affected API endpoint until the issue is resolved.

Fix

Weakness Enumeration

Cleartext Transmission of Sensitive Information

Related Identifiers

BDU:2022-03859
CVE-2022-30312

Affected Products

Honeywell Programmable Logic Controllers
Trend Controls IC Protocol