CVE-2022-30315

Name of the Vulnerable Software and Affected Versions Honeywell Experion PKS Safety Manager versions through 2022-05-06

Description The issue is related to insufficient verification of data authenticity in the Safety Builder protocol used by Honeywell Experion PKS Safety Manager controllers. This allows an attacker to execute arbitrary machine code on the controller's CPU module, potentially leading to remote code execution and denial of service. The affected components include Honeywell FSC runtime and Honeywell Safety Builder. An attacker who can communicate with a Safety Manager controller via the Safety Builder protocol can execute arbitrary code without restrictions, allowing for covert manipulation of control operations. A mitigating factor is that some functionality requires the Safety Manager physical keyswitch to be in the right position.

Recommendations For Honeywell Experion PKS Safety Manager versions through 2022-05-06, consider disabling the Safety Builder protocol until a patch is available to prevent arbitrary code execution. Restrict access to the controller's CPU module to minimize the risk of exploitation. Avoid using the Safety Builder protocol for engineering purposes until the issue is resolved. As a temporary workaround, ensure the Safety Manager physical keyswitch is in the correct position to mitigate some of the functionality. At the moment, there is no information about a newer version that contains a fix for this vulnerability.