CVE-2022-2332

Summary

A local unprivileged attacker may escalate to administrator privileges in Honeywell SoftMaster version 4.51, due to insecure permission assignment.

Affected Software

VendorProductVersion RangeStatus
HoneywellSoftMaster4.51affected

Weaknesses

  • CWE-732: CWE-732: Incorrect Permission Assignment for Critical Resource

Workarounds

Honeywell recommends users with potentially affected products take the following steps to protect themselves: Update firmware of vulnerable and affected devices. Isolate systems from the internet or create additional layers of defense to their system from the internet by placing the affected hardware behind a firewall or into a demilitarized zone (DMZ). If remote connections to the network are required, then users should consider using a VPN or other means to ensure secure remote connections into the network where the device is located.

More information can be found in the Honeywell Security Notification SN2022-08-31 01 SoftMaster-R4.7

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References