#VU65803 Authentication bypass using an alternate path or channel in Saia Burgess PG5 PCD - CVE-2022-30319
Published: July 27, 2022
Vulnerability identifier: #VU65803
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-30319
CWE-ID: CWE-288
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vulnerable software:
Saia Burgess PG5 PCD
Saia Burgess PG5 PCD
Software vendor:
Honeywell International, Inc
Honeywell International, Inc
Description
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to the affected product uses the S-Bus protocol with authentication functions that can be controlled by the client MAC and IP. A remote attacker on the local network can spoof the MAC and IP of an authenticated client and manipulate the controller configuration.
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.